pfsense_ssl_install

Differences

This shows you the differences between two versions of the page.

pfsense_ssl_install [2025/11/21 12:19] admin pfsense_ssl_install [2025/11/21 12:38] (current) admin
Line 24: Line 24:
 Fill the form like this: Fill the form like this:
  
-**Field**   ------>      **Value** +**Field**  ---------------->  **Value**\\ 
-//Descriptive name ------>e.g. pilotreg-ssl-2025+//Descriptive name  ---------------->  e.g. pilotreg-ssl-2025\\ 
 +Key Type  ---------------->  RSA (4096 bits) ← recommended\\ 
 +Digest Algorithm  ---------------->  SHA256\\ 
 +Common Name. ---------------->  *.yourdomain.com (or your exact domain)\\ 
 +Country / State / City  ---------------->  Fill as required\\ 
 +Email / Org  ---------------->  Optional unless required\\ 
 +//
  
-Key Type----------------->RSA (4096 bits) ← recommended+👉 For wildcard certificates, use *.yourdomain.com
  
-Digest Algorithm--------->SHA256+Click Save.
  
-Common Name-------------->*.yourdomain.com (or your exact domain)+You will now see the CSR pending in the list.
  
-Country / State / City--->Fill as required+5. Click the Download or View CSR icon next to it(looks like a magnifying glass)
  
-Email / Org-------------->Optional unless required+Copy the CSR — it will look like: 
 +    
 +-----BEGIN CERTIFICATE REQUEST----- \\  
 +MIIC4jCCAc...\\ 
 +-----END CERTIFICATE REQUEST-----\\ 
 +    
 +✅ **STEP 2** — Upload CSR to Namecheap
  
-//+1. Log in to Namecheap\\ 
 +2. Go to Products → SSL Certificates\\ 
 +3. Next to your certificate click → Activate\\ 
 +4. Paste the CSR you copied from pfSense\\ 
 +5. Choose Web Server type: Other Apache Nginx (any works)\\ 
 +6. Choose validation method (Email / DNS CNAME / HTTP)\\ 
 +\\ 
 +⚠️ I recommend DNS CNAME validation → fastest & easiest.\\ 
 +\\ 
 +Namecheap will then submit it to Sectigo.\\ 
 + 
 +✅ **STEP 3** — Once Namecheap issues the certificate\\ 
 + 
 +You will receive a ZIP file containing:\\ 
 +  * Your domain certificate (yourdomain.crt)\\ 
 +  * ntermediate CA (SectigoRSADomainValidationSecureServerCA.crt)\\ 
 +  * Root certificate (not needed for pfSense)\\ 
 + 
 +Unzip it.\\ 
 + 
 +✅ **STEP 4** — Import certificate into pfSense\\ 
 +1. Go to: System → Cert. Manager → Certificates\\ 
 +2. Edit the previously generated CSR entry\\ 
 +3. Choose: Import certificate\\ 
 +4. Paste:\\ 
 + 
 +Field  ---------------->  Paste\\ 
 +Certificate data  ---------------->  Contents of yourdomain.crt\\ 
 +Certificate Chain  ---------------->  Paste intermediate cert(s) from the ZIP\\ 
 + 
 +Example formatting:\\ 
 + 
 +-----BEGIN CERTIFICATE-----\\ 
 +(your domain certificate)\\ 
 +-----END CERTIFICATE-----\\ 
 +\\ 
 +-----BEGIN CERTIFICATE-----\\ 
 +(intermediate certificate)\\ 
 +-----END CERTIFICATE-----\\ 
 +\\ 
 +⚠️ Do NOT paste the private key, pfSense already has it stored since it created the CSR. 
 + 
 +Click Save. 
 +\\ 
 +✅ **STEP 5** — Configure pfSense / HAProxy to use the certificate\\
  
 +If used for the WebGUI:\\
 +System → Advanced → Admin Access → SSL Certificate → select new cert\\
 +If used in HAProxy:\\
 +Services → HAProxy → SSL Offloading (frontend)\\
 +Add → Select your new certificate\\
 +\\
 +Click Apply and reload.
 +\\
 +\\
 +🚨 **FINAL CHECK**
 +\\
 +go to:\\
 +   https://ssllabs.com/ssltest
 +and enter yourdomain.com to verify the chain.
 +\\
 +That's it!
 +\\
 +\\
  
 +**Your ArtIT Team**
 +\\
 +\\
 +**[[pfsense|BACK]]**
  
  
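Review bot: The FINAL CHECK at the end of the hunk only works when the service is reachable from the internet, which fits the HAProxy frontend in STEP 5 but not a WebGUI that is kept off the WAN; for that case, add a local chain check such as `openssl s_client -connect <host>:443 -showcerts` run from the management network. In the STEP 3 file list, "ntermediate CA" should read "Intermediate CA", and "Common Name." in the form fields has a stray period. The PEM examples (the CSR under step 5 and the certificate and chain under "Example formatting") and the `---------------->` field rows would be better placed in `<code>` blocks or a DokuWiki table, because runs of dashes outside code may be altered by DokuWiki's typography conversion, and the trailing `\\` line breaks would then no longer be needed.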
pfsense_ssl_install.1763723983.txt.gz · Last modified: 2025/11/21 12:19 by admin