Replies: 1 comment 2 replies
-
|
The Origin Certificate that you are using is only used for one connection: Cloudflared via the tunnel to the respecting host. For your browser, the Cloudflare Server (reverse proxy) is still using his normal certificate, that you cannot change in the free version. The strict mode itself can easily be activated if you use encrypted connections for all hosts, so your solution is working perfectly fine with strict mode. I hope this makes sende, please let me know if there is anything unclear. |
Beta Was this translation helpful? Give feedback.
-
|
yes, the strict mode succesfully load the webpage for all hosts without any warning and error. so the connection via tunnel use origin certificate that already create and install to server, is it already working properly? if this is still using his normal certificate, then how we can working perfectly fine using his paid version? because cloudflare dashboard only show below capture. there are no options for free or paid version.
|
Beta Was this translation helpful? Give feedback.
-
|
I am sorry but I do not really get your question. The way this is working is the following:
So if everything is working fine with strict encryption setting and using https for all hosts, you are good. |
Beta Was this translation helpful? Give feedback.
-
Hi @brenner-tobias
Currently I used managed Cloudflared tunnel and catch-all rule to NPM. The tunnel "end" in HomeAssistant and NPM running as addon in HA as well.
I create a Origin Certificate for my domain and then deploy this origin certificate to HA below address. Then change the SSL/TLS mode to Full (strict)
But after check my domain certificate in the browser, the certificate still issued by Google Trust Services LLC . it should be issued by CloudFlare Origin SSL Certificate Authority.
How we can implementation Cloudflared with Full (strict) mode use Cloudflare Origin CA certificate?
Thank you.
Beta Was this translation helpful? Give feedback.
All reactions