Using Cloudflare Origin Certificates with Azure App Services

Cloudflare can be used by anyone with a website and their own domain, regardless of the platform it runs on. It automatically optimises the delivery of your web pages so your visitors get the fastest page load times and the best performance. Furthermore, it blocks threats and limits abusive bots and crawlers from wasting your bandwidth and server resources. As a result, Cloudflare-powered websites see a significant improvement in performance and a decrease in spam and other attacks.

However, while Cloudflare ensures you have TLS between the browser and their servers, they are more permissive when it comes to TLS between their servers and your origin server (in our case Azure App Service).

Ideally, what we want is Full SSL (Strict), where Cloudflare communicates with your origin server over HTTPS, using an SSL certificate issued by a valid Certificate Authority. Luckily, Cloudflare lets you generate a Cloudflare-signed certificate for your origin that complies with the Strict policy, which is precisely what we will be teaching you today.

Step-By-Step Guide

1) Go to https://slproweb.com/products/Win32OpenSSL.html and download the installer (for Windows only).

2) Take note of the installation location, as all files generated and saved later on will go into that folder.

3) Head over to Cloudflare and under the appropriate domain, create a certificate under ‘Crypto’ and ‘Origin Certificates’.

4) Ensure the private key type is RSA and that the domain (or subdomains) you’re installing it on is listed under the hostnames.

5) Click ‘Next’ and save the contents under ‘Origin Certificate’ in a text editor. Ensure it is saved as .pem with ‘All Files’ type and ‘ANSI’ encoding. E.g. example.pem

6) Do the same for the contents under ‘Private Key’ but save it as .key instead. E.g. example.key

7) Move both the .key and .pem files to the SSL folder installed in Step 2 and run the .exe file in the ‘bin’ folder. A command prompt should appear.

8) Type in the command ‘pkcs12 -export -inkey corsiva.key -in corsiva.pem -name corsiva -out corsiva.pfx’ (replace the corsiva file names and name with your own).

9) A prompt will appear asking for an export password. Type in your desired password and retype it to verify.

10) A .pfx file will be generated in the ‘bin’ folder of the SSL folder.

11) Head over to Azure App Service, choose the appropriate domain name > ‘SSL Certificates’ > ‘Upload Certificate’.

12) Choose ‘Private’ > Upload and key in the password from Step 9.

13) Under ‘SSL Certificates’, click ‘Add Binding’ under ‘SSL Bindings’. Select your hostname and certificate. Submit and give it some time to process.

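14) Head over to Cloudflare and under ‘DNS’, ensure the host has an orange cloud icon, which means traffic to it is proxied through Cloudflare. This matters because an origin certificate is trusted by Cloudflare only, not by browsers connecting to the origin directly. Give it some time for the cache to clear and it should work perfectly afterwards.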
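Before the upload in step 11, it is worth confirming that the three files from steps 5 to 10 actually belong together. The script below is an added example, not part of the original guide: the function name check_origin_pfx and the PFX_PASS variable are assumptions, and it expects a POSIX shell (for example Git Bash or WSL on Windows) with openssl on the PATH.

```shell
#!/bin/sh
# Added example: sanity checks on the files from steps 5-10 before upload.
# check_origin_pfx and the PFX_PASS variable are names assumed for this sketch.
# Usage: PFX_PASS='export password' \
#        check_origin_pfx example.pem example.key example.pfx www.example.com

check_origin_pfx() {
    cert=$1; key=$2; pfx=$3; host=$4

    # 1. The key must belong to the certificate: both must yield the same public key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
        { echo "cannot read certificate $cert" >&2; return 1; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
        { echo "cannot read private key $key" >&2; return 1; }
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match certificate" >&2
        return 2
    fi

    # 2. The site's hostname must be covered by the certificate (step 4);
    #    a strict origin check rejects a certificate issued for another name.
    if ! openssl x509 -in "$cert" -noout -checkhost "$host" | grep -q "does match"; then
        echo "certificate does not cover $host" >&2
        return 3
    fi

    # 3. The PFX must open with the export password (step 9) and hold the same certificate.
    cert_fp=$(openssl x509 -in "$cert" -noout -fingerprint -sha256)
    pfx_fp=$(openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -nokeys -clcerts 2>/dev/null |
             openssl x509 -noout -fingerprint -sha256 2>/dev/null)
    if [ -z "$pfx_fp" ] || [ "$pfx_fp" != "$cert_fp" ]; then
        echo "PFX did not open with PFX_PASS or holds a different certificate" >&2
        return 4
    fi
    echo "OK: $pfx matches $cert and covers $host"
}
```

Once the binding in step 13 works, remove the .key and .pfx copies left in the OpenSSL folder, since both contain the origin's private key.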

If you have any questions, don’t hesitate to contact us! As a web development company as well as a web design company, Corsiva Lab is equipped with the expertise to help you build and design a website that is user-friendly, attractive and interactive. Additionally, as a digital marketing agency, we will be able to help you increase your website’s online visibility and Google rankings. If you would like more information regarding web design and development or digital marketing, do head over to our website and drop our friendly web design Singapore team a message.

Written by

Founded by a team of young entrepreneurs, Corsiva Lab is Singapore’s very own creative web design and digital marketing agency. www.corsivalab.com
