NHS network access instructions

For a practice's IT/network provider (for SCW-managed practices, raise via the SCW IT Self Service Portal). Version 1.1, June 2026.

Summary for the IT team

RxMargin is a legitimate, Cloudflare-hosted web application with a valid Google Trust Services TLS certificate. On managed NHS networks that run TLS inspection (for example Cloudflare Gateway / Zero Trust), RxMargin is re-signed with the network's own inspection certificate, which the practice browsers do not trust. This produces a NET::ERR_CERT_AUTHORITY_INVALID / "Your connection is not private" warning. It is also liable to be flagged simply as a newly-registered domain. Two small policy changes fix it.

Hostnames involved

rxmargin.co.uk
www.rxmargin.co.uk
portal.rxmargin.co.uk(the secure data portal)
rxmargin.cloudflareaccess.com(sign-in for the portal)
rxmargin-notify.ed-muffett.workers.dev(the enquiry-form endpoint on rxmargin.co.uk; a branded notify.rxmargin.co.uk route is planned and will replace it here when live)

Change 1 - Do Not Inspect (TLS)

In Cloudflare Zero Trust -> Gateway, add a "Do Not Inspect" rule for the hostnames above so they bypass TLS re-signing. This lets the genuine certificate through untouched and is the clean fix for the certificate warning.

Change 2 - Allow (HTTP policy)

Add the same hostnames to an Allow rule in the HTTP policy, in case they are also being blocked as a new or uncategorised domain.

Change 3 - Email (one-time codes)

Please ensure nhs.net inboxes can receive one-time sign-in codes from Cloudflare Access (sender domains associated with cloudflareaccess.com), so portal users can complete sign-in.

Why this is safe

RxMargin holds no patient-identifiable data; it processes practice-level business/financial data.
The site uses a valid public TLS certificate; the warning is caused only by local TLS re-inspection, not by any problem with the site.
Access is restricted to named users behind multi-factor / one-time-code authentication.

For SCW-managed practices

Raise via the SCW IT Self Service Portal: Raise a Call -> I have an issue -> Raise a Network related call. Reference this document.

Contact

Dr Ed Muffett, RxMargin - [email protected]. Happy to speak to the IT team directly.

Prefer plain text? The same instructions are available as a raw Markdown file to paste into a ticket, or use your browser's print function for a PDF copy of this page.