This is an old revision of the document!
Installing SSL Certificats in PfSense
Summary:
✅ Generate a new private key + CSR inside pfSense ✅ Upload the CSR to Namecheap (Sectigo DV SSL) ✅ Import the resulting cert back into pfSense and assign it to HAProxy (or WebGUI)
✅ STEP 1 — Generate a new private key + CSR in pfSense
1. Log in to pfSense
2. Go to:
System → Cert. Manager → Certificates
3. Click: + Add / Sign
4. Choose:
Method: Create a Certificate Signing Request (CSR)
Fill the form like this:
Field —————→ Value
Descriptive name —————→ e.g. pilotreg-ssl-2025
Key Type —————→ RSA (4096 bits) ← recommended
Digest Algorithm —————→ SHA256
Common Name. —————→ *.yourdomain.com (or your exact domain)
Country / State / City —————→ Fill as required
Email / Org —————→ Optional unless required
👉 For wildcard certificates, use *.yourdomain.com
Click Save.
You will now see the CSR pending in the list.
5. Click the Download or View CSR icon next to it(looks like a magnifying glass)
Copy the CSR — it will look like:
—–BEGIN CERTIFICATE REQUEST—–
MIIC4jCCAc…
—–END CERTIFICATE REQUEST—–
✅ STEP 2 — Upload CSR to Namecheap
1. Log in to Namecheap
2. Go to Products → SSL Certificates
3. Next to your certificate click → Activate
4. Paste the CSR you copied from pfSense
5. Choose Web Server type: Other / Apache / Nginx (any works)
6. Choose validation method (Email / DNS CNAME / HTTP)
⚠️ I recommend DNS CNAME validation → fastest & easiest.
Namecheap will then submit it to Sectigo.
✅ STEP 3 — Once Namecheap issues the certificate
You will receive a ZIP file containing:
- Your domain certificate (yourdomain.crt)
- ntermediate CA (SectigoRSADomainValidationSecureServerCA.crt)
- Root certificate (not needed for pfSense)
Unzip it.
That's it!
Your ArtIT Team
BACK