On 17/09/14 02:24, Paul Wouters wrote:
> How does this mechanism work when there is traffic using TLS? Is there a
> MITM cert?

According to CloudFlare Support (<https://support.cloudflare.com/hc/en-us/articles/200170416-What-do-the-three-SSL-options-off-Flexible-Full-mean->) there are options for how SSL (or TLS rather) operates. It can be

User --TLS--> CloudFlare --> Server (as they put it: front-end over TLS, back-end over TLS)

or

User --TLS--> CloudFlare --TLS--> Server (as they put it: front-end over TLS, back-end unencrypted).

CloudFlare receive a valid certificate from GlobalSign (it would seem) and present that to the browser. Although you do have the option to upload your own private key for 'Business and Enterprise plans'. While I can't find their justification for requesting them, I don't believe it constitutes a MITM certificate.

It's also likely that other CDN providers have similar setups as well.

Regards,
Tom Thorogood.

[Disclosure: Fully satisfied CloudFlare customer.]