Using Cloudflare Origin Certificates with Azure App Services

Cloudflare can be used by anyone with a website and their own domain, regardless of your choice of platform. It automatically optimises the delivery of your web pages so your visitors get the fastest page load times and the best performance. Furthermore, it blocks threats and limit abusive bots and crawlers from wasting your bandwidth and server resources. As a result, Cloudflare-powered websites see a significant improvement in performance and a decrease in spam and other attacks.

However, while Cloudflare ensures you have TLS between the browser and their servers, they are more permissive when it comes to TLS between their servers and your origin server (in our case Azure App Service).

Ideally, what we want is Full SSL (Strict) where Cloudflare communicates with your origin server over HTTPS, using an SSL certificate issued by a valid Certificate Authority. Luckily, Cloudflare provides you with the ability to generate a Cloudflare signed certificate for your origin that complies with the Strict policy which is precisely what we will be teaching you today.

Step-By-Step Guide

1) Go to and download the installer (for Windows only).

2) Take note of the installation location as all files generated and saved later on will go into folder.

3) Head over to Cloudflare and under the appropriate domain, create a certificate under ‘Crypto’ and ‘Origin Certificates’.

4) Ensure your private key is RSA and the domain (or subdomains) that you’re installing it on is inside the hostnames.

5) Click ‘Next’ and save the contents under ‘Origin Certificate’ on a text editor. Ensure it is saved as .pem with ‘All Files’ type and ‘ANSI’ encoding. E.g. example.pem

6) Do the same for the contents under ‘Private Key’ but save it as .key instead. E.g. example.key

7) Move both the .key and .pem files to the SSL folder installed in Step 2 and run the .exe file in the ‘bin’ folder. A command prompt should appear.

8) Type in the command ‘pkcs12 -export -inkey corsiva.key -in corsiva.pem -name corsiva -out corsiva.pfx (bolded portions to be changed accordingly).

9) A prompt will appear to enter export password. Type in your desired password and retype it again to verify.

10) A .pfx file will be generated in the ‘bin’ folder of the SSL folder.

11) Head over to Azure App Service, choose the appropriate domain name > ‘SSL Certificates’ > ‘Upload Certificate’.

12) Choose ‘Private’ > Upload and key in the password in Step 9.

13) Under ‘SSL Certificates’, click ‘Add Binding’ under ‘SSL Bindings’. Select your hostname and certificate. Submit and give it some time to process.

14) Head over to Cloudflare and under ‘DNS’, ensure the host has an orange cloud icon. Give it some time for the cache to clear and it should work perfectly afterwards.

If you have any questions, don’t hesitate to contact us! As a web development company as well as a web design company, Corsiva Lab is equipped with the expertise to help you build and design a website that is user-friendly, attractive and interactive. Additionally, as a digital marketing agency, we will be able to help you increase your website’s online visibility and Google rankings. If you would like more information regarding web design and development or digital marketing, do head over to our website and drop our friendly web design Singapore team a message.




Founded by a team of young entrepreneurs, Corsiva Lab is Singapore’s very own creative web design and digital marketing agency.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Perfectus: CircleCI Integration

How to effortlessly create a website for free with GitHub

Meet Confio Series #11

3 Questions About Telco Journey to Cloud Native (With Answers)

Does the Dynamic form system useful?

Introducing Vale Server

Work Smarter, Not Harder: Rebooting the Salesforce Admin Role

Guide to setup and modify Life Cycle Services Methodology

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Corsiva Lab

Corsiva Lab

Founded by a team of young entrepreneurs, Corsiva Lab is Singapore’s very own creative web design and digital marketing agency.

More from Medium

Mule4- Custom Configuration Properties Provider AWS-SECRETS MANAGER

MERN and Azure : Website, API, database and infrastructure

Run a Spring boot docker image on windows with a MySQL local database connection

Part 3: Using Object Storage S3 Compatible API – Oracle Cloud