CloudFlare ‘Full SSL’

cloudflare

I'm setting up a free Cloudflare account and I'm unsure what this means (for Full SSL):

"You will need to have an SSL certificate on your server. However,
CloudFlare will not attempt to validate the certificate (certificates
may be self-signed). [The difference between Full and Full (Strict) is
that Full (Strict) checks for a valid certificate on your origin
server, whereas Full checks for any certificate.]"

I don't know exactly what they mean by "You will need to have an SSL certificate on your server." I'm on a shared hosting plan, not in control of the server. Will CloudFlare look for a (any) cert that the host has on the server, and will that suffice? A little unsure what to look for or ask.

Best Answer

Full

Any certificate will work. This means a self-signed certificate can be used. If you're running a Certificate Authority, a certificate from there would work as well. This approach will encrypt all traffic between Cloudflare and your server; however, there will be no validation, meaning there will be no checks to ensure it is communicating directly with your server, nor will revocation lists be checked. This will leave the connection vulnerable to MitM.

Full (Strict)

The certificate on your server will need to be from a trusted Certificate Authority. This is because Cloudflare will validate the certificate to ensure it is communicating with your server directly and that the certificate is still valid.

Cloudflare Blog

The following entry does a great job explaining this in detail.

Introducing Strict SSL: Protecting Against a Man-in-the-Middle Attack on Origin Traffic
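
One way to check which of the two modes a shared-hosting origin would satisfy, as an added example that is not part of the original answer or Cloudflare's own code. It connects to the origin address directly and attempts one handshake without certificate validation and one with it; the function names and arguments are hypothetical, and the local trust store is assumed as a stand-in for whatever Cloudflare trusts.

```python
import socket
import ssl
import sys

def full_context():
    # Mimics "Full": TLS is negotiated, but any certificate is accepted.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # must be off before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def strict_context():
    # Mimics "Full (Strict)": chain, expiry and hostname are all verified.
    # Assumption: the local trust store stands in for Cloudflare's.
    return ssl.create_default_context()

def handshake(ctx, address, hostname, port, timeout):
    # Connect to the origin address directly, sending hostname as SNI.
    try:
        with socket.create_connection((address, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
                return True, tls.version()
    except ssl.SSLCertVerificationError as exc:
        return False, "certificate rejected: " + exc.verify_message
    except (ssl.SSLError, OSError) as exc:
        return False, "no TLS session: " + type(exc).__name__

def probe_origin(address, hostname, port=443, timeout=5.0):
    # Report the strictest mode the origin's certificate would pass.
    full_ok, full_detail = handshake(full_context(), address, hostname, port, timeout)
    strict_ok, strict_detail = handshake(strict_context(), address, hostname, port, timeout)
    if strict_ok:
        mode = "Full (Strict)"
    elif full_ok:
        mode = "Full"
    else:
        mode = "none"
    return {"highest_mode": mode, "full": full_detail, "strict": strict_detail}

if __name__ == "__main__":
    # Usage: python probe.py <origin-address> <hostname>
    print(probe_origin(sys.argv[1], sys.argv[2]))
```

A result of "Full" with a "certificate rejected" detail means the host presents a certificate that only the non-validating mode would accept; "none" means nothing on that port completed a TLS handshake.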
