This article shows you how to create a self-signed Root Certification Authority (CA) and create an SSL server certificate. This is also the first step to setup the OpenVPN server on pfSense.
* This procedure works for pfSense 2.0.x.
== Create Certificate Authority ==
# Login to your pfsense firewall.
# Go to System > General Setup, make sure both your hostname and domain name are correct and is resolvable by public DNS. This cannot be easily changed later.
# Go to System > Cert Manager. On the CAs tab, click [+] to add a Certificate Authority.
# Choose Create an internal Certificate Authority.
# Input your information like the picture below and click Save.
== Create Server Certificate ==
# Go to System > Cert Manager.
# Go to the Certificate tab and click [+] to add a server certificate.
# Select Create an internal certificate.
#* Descriptive name: Input a short phrase without spaces or other special characters.
#* Certificate Authority: Choose the one we just created.
#* Certificate Type: choose Server Certificate.
#* Distinguished Name: Input the rest of your own data like the picture above.
#* Common Name: use the FQDN of your pfSense server. It must be exactly the same as your hostname and domain name specified in System > General Setup.
# Click Save.
== Let webConfigurator use the new server certificate ==
# Go to System > Advanced.
#* In Protocol, choose HTTPS
#* In SSL Certificate, choose the server certificate we’ve just created.
#* Click Save.
# Restart your browser and open your pfsense web page again.
# You will see the server certificate is now signed by “Example-RootCA” (the Certification Authority we just created).
# Go to System > Cert manager. Open Certificate Tab. We can now delete the previous webConfigurator certificate.