Keywords: WordPress Multisite - Microsoft Azure - How to - Secure Connections (SSL/HTTPS)
Hi, I am trying to figure out how to go about enabling Cloudflare Full (strict) mode:
"Encrypts end-to-end, but requires a trusted CA or Cloudflare Origin CA certificate on the server"
Namely, with Cloudflare I understand that I will need to create an Origin Certificate.
"Origin Certificates are only valid for encryption between Cloudflare and your origin server."
Please correct me where I'm wrong on my understandings below.
I believe that for each site on the WordPress Multisite, I will have an origin certificate and a private key, which will be saved from Cloudflare in .txt files (e.g. mysite1.crt and mysite1.key) and uploaded via SFTP to the /opt/bitnami/apps/wordpress/conf/certs/ location. It's my understanding that if I have 6 sites, there will be a total of 12 uniquely named .crt and .key files.
Then once that is done, in order to set different SSL certificates for each new domain, I will configure each domain as a virtual host, editing the /opt/bitnami/apps/wordpress/conf/httpd-vhosts.conf file and adding a new virtual host for each new domain. The following code could be taken as an example:
(Above are two examples, which would be replicated for all 6 sites.)
And then the final step: After ensuring that the certificates are properly generated and configured in the /opt/bitnami/apps/wordpress/conf/httpd-vhosts.conf file, include that file in Apache’s /opt/bitnami/apache2/conf/bitnami/bitnami-apps-vhosts.conf file as shown below:
Is this on track so far?
If that is good, my final question is then to do with Cloudflare's Origin CA certificates. (https://support.cloudflare.com/hc/en-us/articles/115000479507-Managing-Cloudflare-Origin-CA-certificates#h_30cc332c-8f6e-42d8-9c59-6c1f06650639)
"Step 4 - Add Cloudflare Origin CA root certificates
Some origin web servers require uploading the Cloudflare Origin CA root certificate. See below for an RSA and ECC version of the Cloudflare Origin CA root certificate. Click on a link to download a file:
cPanel does not support ECC certificates. Use the Origin CA root RSA certificate below.
Alternatively, click to expand the root certificate contents for copy and paste into your origin web server configuration:
Cloudflare Origin CA — RSA Root
Cloudflare Origin CA — ECC Root"
What location would I upload the Cloudflare Origin root certificate to?
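Added example, not part of the original post: a bash pre-flight check for the per-site certificate and key pairs described above, run before Apache is pointed at them. The function names, the messages and the DIR/NAME.crt plus DIR/NAME.key layout (modelled on the mysite1.crt / mysite1.key naming in the post) are assumptions of this example; it relies only on the openssl command line, find and awk.

```shell
#!/usr/bin/env bash
# Added example (not from the post): verify each site's certificate/key pair.

# SHA-256 of the public key held in a certificate ("cert") or private key ("key").
pubkey_hash() {
  local pem
  case "$1" in
    cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
    key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
  esac
  [ -n "$pem" ] || return 1
  printf '%s\n' "$pem" | openssl sha256 | awk '{print $NF}'
}

# check_site DIR NAME DOMAIN: expects DIR/NAME.crt and DIR/NAME.key (assumed layout).
check_site() {
  local crt="$1/$2.crt" key="$1/$2.key" c k
  if [ ! -r "$crt" ] || [ ! -r "$key" ]; then
    echo "$2: missing .crt or .key"; return 1
  fi
  c=$(pubkey_hash cert "$crt") || { echo "$2: cannot parse certificate"; return 1; }
  k=$(pubkey_hash key "$key") || { echo "$2: cannot parse private key"; return 1; }
  # With 12 files for 6 sites, a certificate paired with another site's key
  # is the easiest mistake to make; the public keys must be identical.
  [ "$c" = "$k" ] || { echo "$2: certificate and key do not match"; return 1; }
  # The certificate must cover the domain served by this virtual host.
  openssl x509 -in "$crt" -noout -checkhost "$3" 2>/dev/null | grep -q 'does match' \
    || { echo "$2: certificate does not cover $3"; return 1; }
  openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1 \
    || { echo "$2: certificate has expired"; return 1; }
  # Uploaded files often keep a permissive mode; the key should be owner-only.
  if [ -n "$(find "$key" \( -perm -040 -o -perm -004 \))" ]; then
    echo "$2: private key is readable by group or others"; return 1
  fi
  echo "$2: ok"
}
```

Call it once per site, for example `check_site /opt/bitnami/apps/wordpress/conf/certs mysite1 <domain>`, and restart Apache only when every site reports ok.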