pfSense: Generate an SSL Certificate for HTTPS on your pfSense

If you are new to pfSense, you have probably noticed that you don't get a secure connection to your firewall out of the box. I'll show you step by step how to generate an SSL certificate for HTTPS on your pfSense firewall.

You want a secure connection to your firewall. We can achieve this with a few (more or less) simple steps. Let's dive right in.

Please don't mind that my Windows and browser versions are in German; the locations of the buttons etc. should be the same in English.

1. Log in to your firewall, go to System / Certificate Manager / CAs and click on Add.

2. Fill in all the details according to your location, as in my sample.

3. Go to System / Certificate Manager / Certificates - You will notice that a certificate already exists. That's the default cert that comes preinstalled. We ignore this and click on Add.

4. Fill in the form as in my example. Pay attention to Common Name: this is the FQDN of your pfSense, for example mypfsensefirewall.lan. Also make sure that you enter the same FQDN in the Alternative Names field (thanks to Rob for pointing that out!).

5. Now pay attention: Go BACK to System / Certificate Manager / CAs and export the CERTIFICATE AUTHORITY, not the WebConfigurator Cert we just created!

6. Open your Windows Certificate Root and import the downloaded pfsense-CA cert. You can import it by right-clicking on an empty space on the right side, choosing "New Task" (or similar) and then Import.

7. Go back to your pfSense, go to System / Advanced / Admin Access and CHANGE the SSL certificate from the default one to our newly created one. Hit Save.

8. Now Google Chrome should automatically accept the cert, because it trusts the CA stored in the Windows Certificate Root. Firefox doesn't. If your Chrome doesn't do it, import it manually. The steps for Firefox are below.

9. After doing all this and restarting your browser, you should be greeted with a green lock, ensuring a secure connection to your firewall. Remember to access your firewall via its FQDN and not the IP.


