Setting up the certificates
Set up a Certificate Authority (CA)
Note: You can skip this step if you already have a certificate authority in pfSense that you’d like to use. This can be an existing internal CA, or an external authority that’s been imported into pfSense.
Browse to System > Certificates > Authorities and add a new certificate authority.
Fill out the details however you want, but this is what I’m using to demonstrate:
Create a certificate for an individual or device
Browse to System > Certificates > Certificates and add a new certificate.
Note: You can skip this step if you have already imported a certificate into pfSense that was generated by the Certificate Authority used above.
You only need to edit a couple of areas here:
You can leave the rest of the options at their default.
Set up revocation for your certificates
This is important, as this is how you’ll be able to revoke access to individual users/devices.
Browse to System > Certificates > Revocation and select the CA you wish to create the Certificate Revocation List (CRL) for, then click + Add.
On the next page, you’ll have the option to either:
- Create a new CRL (if you’ve followed the steps above to create a new CA, or the existing internal CA hasn’t had one created yet)
- Import an existing CRL (that’s been exported from an external CA)
If you don’t already have a CRL prepared for this CA
Leave the method at Create an internal Certificate Revocation List.
Fill in the Descriptive name.
Click Save.
If you already have a CRL prepared for this CA (in X.509 CRL format)
Change the method to Import an existing Certificate Revocation List.
Fill in the Descriptive name.
Paste the existing CRL data into CRL data.
Click Save.
Export your certificate
To correctly export your generated certificate, click the edit icon next to its entry in System > Certificates > Certificates.
Enter a passphrase to protect this exported key, then click Export PKCS#12. You will then be given a certificate you can import into your device(s) of choice.
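To see what the CRL and the passphrase-protected PKCS#12 bundle do outside the GUI, the added example below (not part of the original tutorial, and not pfSense's own code) builds a throwaway CA with openssl, issues and bundles a client certificate, then checks it against the CRL before and after revocation. The names demo-ca and alice, the passphrase demo, the file names and the three function names are all constructed for illustration.

```shell
# Constructed demo PKI. The last step of make_demo_pki writes a PKCS#12
# bundle, the same container format as pfSense's "Export PKCS#12".
make_demo_pki() {            # $1 = empty work directory (no spaces in path)
  local d="$1" c="$1/ca.cnf"
  mkdir -p "$d/newcerts"; : > "$d/index.txt"; echo 1000 > "$d/serial"
  cat > "$c" <<EOF
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = demo
[ demo ]
database = $d/index.txt
new_certs_dir = $d/newcerts
serial = $d/serial
certificate = $d/ca.crt
private_key = $d/ca.key
default_md = sha256
default_days = 30
default_crl_days = 7
policy = any
[ any ]
commonName = supplied
EOF
  openssl req -config "$c" -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=demo-ca" -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null &&
  openssl req -config "$c" -newkey rsa:2048 -nodes \
    -subj "/CN=alice" -keyout "$d/alice.key" -out "$d/alice.csr" 2>/dev/null &&
  openssl ca -batch -notext -config "$c" -in "$d/alice.csr" -out "$d/alice.crt" 2>/dev/null &&
  openssl ca -config "$c" -gencrl -out "$d/crl.pem" 2>/dev/null &&
  openssl pkcs12 -export -inkey "$d/alice.key" -in "$d/alice.crt" \
    -passout pass:demo -out "$d/alice.p12"
}

revoke_cert() {              # $1 = work dir, $2 = certificate to revoke; republishes the CRL
  openssl ca -config "$1/ca.cnf" -revoke "$2" 2>/dev/null &&
  openssl ca -config "$1/ca.cnf" -gencrl -out "$1/crl.pem" 2>/dev/null
}

p12_cert_is_accepted() {     # $1 = CA cert, $2 = CRL, $3 = .p12 bundle, $4 = passphrase
  # Extract the client certificate, then verify its chain and revocation status.
  openssl pkcs12 -in "$3" -passin "pass:$4" -nokeys -clcerts 2>/dev/null |
    openssl verify -crl_check -CAfile "$1" -CRLfile "$2" >/dev/null 2>&1
}
```

The bundle on the device is unchanged by revocation; only the verifier's copy of the CRL changes, so a verifier that never reloads the CRL keeps accepting the revoked certificate.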
Time to set up HAProxy!