Apparently there was some confusion in the comments on this blog post -- and likely most HN'ers realize this -- but just to be clear:
These certificates are issued by CloudFlare's private CA. The root CA certificates are not trusted by Firefox, Chrome, etc. These certificates aren't intended to be used on hosts that are directly reachable by end users / site visitors -- only on the "origin" hosts that CloudFlare's proxies connect to.
These certificates are issued by CloudFlare's private CA. The root CA certificates are not trusted by Firefox, Chrome, etc. These certificates aren't intended to be used on hosts that are directly reachable by end users / site visitors -- only on the "origin" hosts that CloudFlare's proxies connect to.