Invalid SSL certificate

I am fairly certain, that I am not currently visiting ssl318873.cloudflaressl.com.

But that just happens to be the domain for which the SSL certificate, that, when visiting https://forum.teksyndicate.com, I get sent to me. Setting up LetsEncrypt takes like 5 minutes =P

Could be a reverse proxy, if I'm not mistaken that's how cloudflare works.

@wendell?

Isnt the Tek Syndicate certificate self signed?

By the looks of it, it's a COMODO cert/

We use cloudflare as a CDN type thing for the site that's why your seeing cloudflare in the certificate.

I can't remember how it works that it still comes up as valid, but it is valid.

Reverse proxy confirmed.

CloudFlare, Inc. is a U.S. company that provides a content delivery network and distributed domain name server services, sitting between the visitor and the CloudFlare user's hosting provider, acting as a reverse proxy for websites.

Probably transitive trust type situation, if we trust cloudflare and cloudflare trusts TS then we trust TS.

A=B B=C then A=C

2 Likes

Pretty good explanation by cloudflare themselves:


1 Like