You don't need to install a CA cert, you just paste your ssl private key to cloudflare.
That is my point. Cloudflare then sees the unencrypted data. Apparently this is of no concern?
I guess many websites trust Cloudflare enough to share their SSL keys.