ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    How to use a Cloudflare origin certificate on an Azure App

    IT Discussion
    origin certificate ssl cloudflare azure
    1
    1
    618
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • JaredBuschJ
      JaredBusch
      last edited by

      I am assuming that you followed my guide to Setup a Cloudflare Origin Certificate.

      1. Log on to a Linux based system of any type.
        • If you like annoying, and you might since you are using Azure, feel free to get openssl setup on Windows. Just don't ask me.
      2. Save the origin certificate file as origin.domain.pem.
      3. Save the origin key file as origin.domain.key.
      4. Save the chain file (ECC version) as chain.domain.pem.
        You should end up with this.
      [jbusch@dt-jared Azure]$ ls -las
total 24
4 drwxrwxr-x. 2 jbusch jbusch 4096 Apr 28 23:14 .
4 drwxrwxr-x. 3 jbusch jbusch 4096 Apr 28 23:10 ..
4 -rw-rw-r--. 1 jbusch jbusch  939 Apr 28 23:10 chain.bundystl.com.pem
4 -rw-rw-r--. 1 jbusch jbusch  241 Apr 28 23:11 origin.bundystl.com.key
4 -rw-rw-r--. 1 jbusch jbusch 1151 Apr 28 23:11 origin.bundystl.com.pem
      1. Create the PFX certificate with with a passcode using openssl
      [jbusch@dt-jared Azure]$ openssl pkcs12 -export -in origin.bundystl.com.pem -inkey origin.bundystl.com.key -out origin.bundystl.com.pfx -certfile chain.bundystl.com.pem
Enter Export Password: samepasswordtwice
Verifying - Enter Export Password: samepasswordtwice
[jbusch@dt-jared Azure]$

      1. Add a cname in Cloudflare for your domain pointing to your appservice.azurewebsites.net. Make sure the orange cloud is unchecked for now.
        6d3e6611-ce43-4657-9cec-7394e5cd268e-image.png

      2. Sign in to Azure, go to the App services, click on your app, and then Custom domains.
        cc31f3e7-a2eb-440c-8c33-404110a97288-image.png

      3. Click Add custom domain and put in the domain in the box and click validate.
        8492a78b-1a52-40c5-9087-6f74c5918d96-image.png

      4. Wait a moment while it checks for hte DNS record, and then click the Add custom domain box above the two green checks :white_heavy_check_mark:.

      5. Click Add binding on the prior panel.
        8fd6acf7-1868-4925-8cfc-a29faa61f93c-image.png

      6. Click the Upload PFX Certificate button.
        497c4af7-18a4-467d-a573-cf4d57aec373-image.png

      7. Browse to the file and enter the password, then click upload.
        Save it off the Linux machine if you need to back to your desktop.
        8e6d35fe-da8d-446d-8864-08fd7a557edc-image.png

      8. It will upload and thn you have to choose the certificate and type. Each box only has one option.
        12bc2cdd-dee7-4e34-93d5-d1925fa89ea5-image.png

      9. Choose the only options and click Add Binding at the bottom.
        1c3ac554-f6c5-405e-aef2-d03d0e87ea0b-image.png

      10. You will see the new domain showing and have the secure check mark.
        b61f80b3-f12f-410c-b4f5-f274177d8de5-image.png

      11. Go back over to Cloudflare and turn on the orange cloud.
        ac6e7387-d849-4123-9d6a-3a6e1c725915-image.png

      12. Optionally, this depends on the other DNS entries you have with the orange cloud all having valid SSL, you can enable Strict SSL.
        80e4da4f-fb9e-4672-af2d-043827ed1a26-image.png

      1 Reply Last reply Reply Quote 4
      • 1 / 1
      • First post
        Last post