Configure in OpenLiteSpeed SSL
Learning Focus
By the end of this lesson you will know how to configure the SSL listener to use your Cloudflare Origin certificate.
Steps in WebAdmin
- Navigate to Listeners → your SSL listener (port 443)
- Click the SSL tab
- Set:
  - Private Key File: /etc/ssl/private/cloudflare-origin.key
  - Certificate File: /etc/ssl/certs/cloudflare-origin.pem
  - Chained Certificate: Yes
- Save and Graceful Restart
Verification
# Test the SSL handshake
openssl s_client -connect localhost:443 -servername example.com 2>/dev/null | \
openssl x509 -noout -subject -issuer
# Expected issuer: Cloudflare Origin RSA CA or similar
Info: Cloudflare Origin CA certificates show as "untrusted" when accessed directly (without the Cloudflare proxy). This is expected: they are only trusted by Cloudflare.
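The handshake test above only shows which certificate is served. As an added example (not part of the original lesson), this script checks the two files set in the SSL tab before the restart: that the private key belongs to the certificate, that the key is not accessible to other users, and that the certificate has not expired. The function names `pubkey_digest` and `check_origin_pair` are hypothetical, and the permission check is an added hardening assumption, not a stated OpenLiteSpeed requirement.

```shell
#!/bin/sh
# Added example: sanity-check the key/certificate pair before restarting.
# Function names are hypothetical; only standard openssl subcommands are used.

# SHA-256 of the DER-encoded public key read (as PEM) from stdin.
pubkey_digest() {
    openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 | awk '{print $NF}'
}

# check_origin_pair CERT KEY
# Returns 0 = OK, 1 = file does not parse, 2 = key/certificate mismatch,
#         3 = key accessible to "other" users, 4 = certificate expired.
check_origin_pair() {
    cert=$1
    key=$2
    # Parse both files first; otherwise two failed extractions would hash
    # the same empty input and appear to match.
    openssl x509 -in "$cert" -noout 2>/dev/null ||
        { echo "cannot parse certificate: $cert" >&2; return 1; }
    openssl pkey -in "$key" -noout 2>/dev/null ||
        { echo "cannot parse private key: $key" >&2; return 1; }

    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey | pubkey_digest)
    key_pub=$(openssl pkey -in "$key" -pubout | pubkey_digest)
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match certificate" >&2
        return 2
    fi

    # Characters 8-10 of the ls mode string are the "other" permission bits.
    other=$(ls -lL "$key" | cut -c8-10)
    if [ "$other" != "---" ]; then
        echo "private key is accessible to other users: $key" >&2
        return 3
    fi

    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null ||
        { echo "certificate has expired: $cert" >&2; return 4; }
    echo "OK: key matches certificate, key not world-accessible, not expired"
}

# Usage: pass the Certificate File path, then the Private Key File path.
if [ "$#" -eq 2 ]; then
    check_origin_pair "$1" "$2"
fi
```

Run it with the certificate path first and the key path second, using the two paths from the SSL tab.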
Key Takeaways
- Point the listener to the certificate and key paths you uploaded.
- Always verify with openssl after configuring.
- Direct browser access will show cert warnings; this is normal for Origin CA.
What's Next
- Continue to OLS SSL Listener Setup for additional listener configuration.