How to set up pfSense SSL Certificate Authority?

This article shows you how to create a self-signed Root Certification Authority (CA) and an SSL server certificate signed by it. This is also the first step in setting up the OpenVPN server on pfSense.

* This procedure works for pfSense 2.0.x.


== Create Certificate Authority ==
# Log in to your pfSense firewall.
# Go to System > General Setup and make sure both your hostname and domain name are correct and resolvable by public DNS. This cannot be easily changed later.

# Go to System > Cert Manager. On the CAs tab, click [+] to add a Certificate Authority.

# Choose Create an internal Certificate Authority.

# Input your information like the picture below and click Save.

== Create Server Certificate ==
# Go to System > Cert Manager.
# Go to the Certificate tab and click [+] to add a server certificate.

# Select Create an internal certificate.

#* Descriptive name: Input a short phrase without spaces or other special characters.
#* Certificate Authority: Choose the one we just created.
#* Certificate Type: choose Server Certificate.
#* Distinguished Name: Input the rest of your own data like the picture above.
#* Common Name: use the FQDN of your pfSense server. It must be exactly the same as your hostname and domain name specified in System > General Setup.
# Click Save.

== Let webConfigurator use the new server certificate ==
# Go to System > Advanced.

#* In Protocol, choose HTTPS
#* In SSL Certificate, choose the server certificate we’ve just created.
#* Click Save.
# Restart your browser and open your pfSense web page again.
# You will see the server certificate is now signed by “Example-RootCA” (the Certification Authority we just created).
# Go to System > Cert Manager and open the Certificate tab. We can now delete the previous webConfigurator certificate.
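
An added check, not part of the original article: the script below builds a throwaway CA and server certificate with openssl, standing in for the two Cert Manager steps, and then verifies the two properties the procedure depends on: the certificate chains to the new CA, and its Common Name equals the firewall's FQDN. The names fw.example.com, make_lab and check_server_cert and all file names are assumptions chosen for the example.

```shell
#!/bin/sh
# make_lab DIR FQDN: constructed lab data (root CA plus a server certificate
# signed by it) so the check below can run offline.
make_lab() {
    dir=$1; fqdn=$2
    cat > "$dir/lab.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
O = Example
CN = Example-RootCA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    # Self-signed root, like "Create an internal Certificate Authority"
    openssl req -x509 -config "$dir/lab.cnf" -newkey rsa:2048 -nodes -days 30 \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    # Server key and request whose Common Name is the firewall FQDN
    openssl req -new -config "$dir/lab.cnf" -subj "/O=Example/CN=$fqdn" \
        -newkey rsa:2048 -nodes -keyout "$dir/srv.key" -out "$dir/srv.csr" \
        2>/dev/null || return 1
    # Sign the request with the root, like "Create an internal certificate"
    openssl x509 -req -in "$dir/srv.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 30 -out "$dir/srv.crt" 2>/dev/null || return 1
}

# check_server_cert CERT CA FQDN
# Returns 0 if CERT chains to CA and names FQDN, 1 on a chain failure,
# 2 on a name mismatch.
check_server_cert() {
    cert=$1; ca=$2; fqdn=$3
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "FAIL: $cert is not signed by $ca"; return 1
    fi
    # -checkhost tests subjectAltName and falls back to the Common Name
    # when the certificate carries no DNS SAN entries.
    if ! openssl x509 -in "$cert" -noout -checkhost "$fqdn" | grep -q "does match"; then
        echo "FAIL: certificate does not name $fqdn"; return 2
    fi
    echo "OK: $cert chains to the CA and names $fqdn"
}

# Demo on the constructed lab data
lab=$(mktemp -d)
make_lab "$lab" fw.example.com && check_server_cert "$lab/srv.crt" "$lab/ca.crt" fw.example.com
```

To run the same check against a real firewall, pass check_server_cert the CA and server certificate files saved from the firewall together with the FQDN from System > General Setup.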
