Hacker News
by kelnos 4145 days ago
I assume CloudFlare has a TLS signing cert that chains to a cert from a CA that is trusted by browsers, so generating new certs is likely free for CloudFlare, but IPv4 addresses are not free, and not particularly abundant these days.

Customer-provided certs (using SNI) probably don't pass CloudFlare's compat tests as there are unfortunately enough clients out there that don't support SNI. The only alternative then, if SNI and multiple IPs are out, is a single cert with lots of subjectAltName entries.