I set up Cloudflare CDN for my site. I added my site to Cloudflare and it asked me to add the Cloudflare nameserver to my domain. I did that in my DNS registrar portal. That's all I did.

Now I'm able to access my site with my domain name, and it is served from Cloudflare. The HTTPS padlock is green and good. How is this possible? They say it is end to end HTTPS.

As I checked now, the certificate is not my domain's but Cloudflare's. https://i.imgur.com/o6TbC7Y.png

So they created a new cert with their own CA. Cool, but still the name in the cert does not match the name in the URL. How is my browser allowing this?

schroeder
  • All of your original questions are answered by the link in your post. And I think so is the new one. The connection to the CDN is one encrypted connection. The connection from the CDN to your server is another. How can they do this? You added them to your DNS. – schroeder Jul 17 '20 at 09:02
  • But the CN in the certificate is different from my domain name, as you can see in the image. Then how does the browser show the padlock saying "connection is secure"? – Mani Bharathy Jul 17 '20 at 09:15
  • Look more carefully: the connection from the client to the CDN is encrypted one way, then the connection from the CDN to your browser is encrypted again. – schroeder Jul 17 '20 at 09:40
  • As for the certificate that CloudFlare is serving for your site - look in the `Subject Alt Names` field. Does your site's domain name appear as one of the names listed in this field? – mti2935 Jul 17 '20 at 10:49
  • @mti2935 yes, the main domain is in the SAN – schroeder Jul 17 '20 at 11:13
  • @schroeder That makes sense. That's the reason why his browser shows the certificate as trusted for his site. – mti2935 Jul 17 '20 at 11:42

1 Answer

As explained in the post you've linked to, with some comments of my own added:

Cloudflare recommends [one] end-to-end encryption of traffic between site visitors and the Cloudflare network and [another one] between Cloudflare’s network and your origin web server.

Thus, there are two end-to-end connections here. One from client to Cloudflare and another from Cloudflare to your server. It is not client to server encryption as you probably think but one encryption between client and Cloudflare and another between Cloudflare and your server.

Steffen Ullrich
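The SAN check raised in the comments above, as an added example that is not part of the original thread: a simplified Python sketch of how a TLS client decides whether a certificate covers a hostname, looking only at the Subject Alternative Name `DNS` entries and ignoring the subject CN. The certificate contents and all domain names are constructed, and the rule rejecting patterns such as `*.example` is a simplification of how browsers treat public suffixes.

```python
# Added illustration: simplified hostname matching against a certificate's
# subjectAltName DNS entries (RFC 6125 style). The subject CN is never
# consulted. All names below are constructed sample values.

def _labels(name):
    """Normalise a DNS name: drop a trailing dot, lower-case, split labels."""
    return name.rstrip(".").lower().split(".")


def dns_name_matches(pattern, hostname):
    """Return True if one SAN DNS entry covers the hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h):
        return False  # a wildcard never spans more than one label
    if p[0] == "*":
        # Wildcard must be the whole left-most label; this sketch also
        # requires two fixed labels after it (assumption, see lead-in).
        if len(p) < 3:
            return False
        return p[1:] == h[1:]
    return p == h


def cert_covers(cert, hostname):
    """cert uses the dict layout returned by ssl.SSLSocket.getpeercert()."""
    sans = [v for (k, v) in cert.get("subjectAltName", ()) if k == "DNS"]
    return any(dns_name_matches(s, hostname) for s in sans)


# Constructed certificate: the CN names the CDN's shared host, while the
# customer's domain appears only in the SAN list.
SAMPLE_CERT = {
    "subject": ((("commonName", "cdn-shared.example.net"),),),
    "subjectAltName": (
        ("DNS", "cdn-shared.example.net"),
        ("DNS", "mysite.example"),
        ("DNS", "*.mysite.example"),
    ),
}

if __name__ == "__main__":
    for host in ("mysite.example", "www.mysite.example", "other.example"):
        print(host, "->", cert_covers(SAMPLE_CERT, host))
```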