Deprecation of public client EKU and Cloudflare
Does Cloudflare AOP check for client EKU on a custom certificate? Up to now we've been uploading Let's Encrypt certificates and things worked, but there's a pending change. Non-browser entities have traditionally not respected the client EKU requirement, but does Cloudflare?
2 Replies
Support AI
According to the Cloudflare documentation, I couldn't find any explicit information on whether Cloudflare AOP checks for client EKU (Extended Key Usage) on a custom certificate.
However, I can suggest that you refer to the Cloudflare documentation on Authenticated Origin Pulls (AOP) and Client Authenticated TLS Handshake for more information on how AOP works.
Additionally, you may want to check the documentation on Custom Certificates to see if there are any specific requirements or restrictions on using custom certificates with AOP.
If you're unsure about the impact of the pending change on your setup, I recommend reviewing the Cloudflare documentation and reaching out to Cloudflare support for further guidance.
Source:
- https://developers.cloudflare.com/ssl/origin-configuration/authenticated-origin-pull/
- https://developers.cloudflare.com/ssl/origin-configuration/authenticated-origin-pull/explanation/#client-authenticated-tls-handshake
- https://developers.cloudflare.com/ssl/origin-configuration/custom-certificates/
This is an AI-generated response; it may not be 100% accurate. Please validate the output. You can ask follow-ups by replying to this message or mentioning me.
I went ahead and checked - it's not in the docs (if it was, then you would have found it already...)