pfsense_ssl_install
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| pfsense_ssl_install [2025/11/21 12:26] – admin | pfsense_ssl_install [2025/11/21 12:38] (current) – admin | ||
|---|---|---|---|
| Line 43: | Line 43: | ||
| Copy the CSR — it will look like: | Copy the CSR — it will look like: | ||
| - | -----BEGIN CERTIFICATE REQUEST----- | + | -----BEGIN CERTIFICATE REQUEST----- |
| - | MIIC4jCCAc... | + | MIIC4jCCAc...\\ |
| - | -----END CERTIFICATE REQUEST----- | + | -----END CERTIFICATE REQUEST-----\\ |
| - | | + | ✅ **STEP 2** — Upload CSR to Namecheap |
| + | 1. Log in to Namecheap\\ | ||
| + | 2. Go to Products → SSL Certificates\\ | ||
| + | 3. Next to your certificate click → Activate\\ | ||
| + | 4. Paste the CSR you copied from pfSense\\ | ||
| + | 5. Choose Web Server type: Other / Apache / Nginx (any works)\\ | ||
| + | 6. Choose validation method (Email / DNS CNAME / HTTP)\\ | ||
| + | \\ | ||
| + | ⚠️ I recommend DNS CNAME validation → fastest & easiest.\\ | ||
| + | \\ | ||
| + | Namecheap will then submit it to Sectigo.\\ | ||
| + | ✅ **STEP 3** — Once Namecheap issues the certificate\\ | ||
| + | You will receive a ZIP file containing: | ||
| + | * Your domain certificate (yourdomain.crt)\\ | ||
| + | * ntermediate CA (SectigoRSADomainValidationSecureServerCA.crt)\\ | ||
| + | * Root certificate (not needed for pfSense)\\ | ||
| + | Unzip it.\\ | ||
| + | ✅ **STEP 4** — Import certificate into pfSense\\ | ||
| + | 1. Go to: System → Cert. Manager → Certificates\\ | ||
| + | 2. Edit the previously generated CSR entry\\ | ||
| + | 3. Choose: Import certificate\\ | ||
| + | 4. Paste:\\ | ||
| + | |||
| + | Field ----------------> | ||
| + | Certificate data ----------------> | ||
| + | Certificate Chain ----------------> | ||
| + | |||
| + | Example formatting: | ||
| + | |||
| + | -----BEGIN CERTIFICATE-----\\ | ||
| + | (your domain certificate)\\ | ||
| + | -----END CERTIFICATE-----\\ | ||
| + | \\ | ||
| + | -----BEGIN CERTIFICATE-----\\ | ||
| + | (intermediate certificate)\\ | ||
| + | -----END CERTIFICATE-----\\ | ||
| + | \\ | ||
| + | ⚠️ Do NOT paste the private key, pfSense already has it stored since it created the CSR. | ||
| + | |||
| + | Click Save. | ||
| + | \\ | ||
| + | ✅ **STEP 5** — Configure pfSense / HAProxy to use the certificate\\ | ||
| + | |||
| + | If used for the WebGUI:\\ | ||
| + | System → Advanced → Admin Access → SSL Certificate → select new cert\\ | ||
| + | If used in HAProxy:\\ | ||
| + | Services → HAProxy → SSL Offloading (frontend)\\ | ||
| + | Add → Select your new certificate\\ | ||
| + | \\ | ||
| + | Click Apply and reload. | ||
| + | \\ | ||
| + | \\ | ||
| + | 🚨 **FINAL CHECK** | ||
| + | \\ | ||
| + | go to:\\ | ||
| + | | ||
| + | and enter yourdomain.com to verify the chain. | ||
| + | \\ | ||
| That's it! | That's it! | ||
| + | \\ | ||
| + | \\ | ||
| **Your ArtIT Team** | **Your ArtIT Team** | ||
pfsense_ssl_install.1763724376.txt.gz · Last modified: 2025/11/21 12:26 by admin