Regarding SSL certificates and Cloudflare. Now don’t get me wrong, I’m a big fan of Cloudflare and have posted quite a few articles recommending the service for a variety of reasons, one being free SSL.
But, there is one caveat. While the free SSL plan works wonderfully well,
if a curious client or customer checks your SSL certificate using any of
the free online SSL checking tools, they may find other less scrupulous
websites “sharing your Cloudflare SSL certificate“.
Below is an example of a website set to Cloudflare. Note the other domain
listed in yellow.
Agreed, it requires a tech savvy customer or client to check for domains
sharing your SSL certificate. And then there is the question of “Who
cares?” or “Does it really matter?” I would argue that security wise it
doesn’t’ really matter, but client perception wise—that’s an unpredictable
thing.
And you may ask, “Well, what about other free SSL certificates, don’t they
show similarly?”
Answer: Yes. AutoSSL, a cPanel standard for free SSL certificates, may
likewise list other domains sharing the same IP address.
So it could be argued, that in today’s world of shared IP’s and a scarcity
of dedicated IP addresses available to shared clients that a dedicated IP
address remains a some what valid concern, “if” you are worried about
someone checking your SSL certificate and finding your website’s domain is
shared with pharmacy or more damaging website addresses as well.
This is all food for thought.
What do you think about the issue of shared SSL certificates displaying other web site addresses not associated with your business or website address?
1 Comment
The service provided by Cloudflare allows the owners of phishing websites to hide WHOIS information, In fact, the service provided by Cloudflare is to support phishing websites to phish and scam. If you check some networklookup, you will find these phishing websites are hosted by Cloudflare Inc.
If you fill out an abuse form on cloudflare.com, you never get a response.
If you file a complaint through Better Business Bureau, Cloudflare tell you to fill out an abuse form on cloudflare.com.
If you file a complaint through Better Business Bureau, Cloudflare reply you that you should receive a separate email with the hosting provider contact information for the phishing websites, but you never receive the email for the hosting provider contact information.
If you check other networklookup, you will find these phishing websites are hosted by Cloudflare Inc.