Sorry for the necro but I wanted to add this for anyone else who arrives here via Google.

We've ran into the same scenario with a company we deal with trying to do the Trustwave Scans.

The stuff they test for changes every month and it seems like we fail for something different each time.

I tried the above posted line but we still failed.  After looking around, this is what I came up with:

$lighty_config .= "ssl.cipher-list = \"TLSv1.2:!aNULL:!eNULL:!DSS\"\n";

SSLscan now shows protected on everything.  BTW, you can add sslscan to pfSense via 'pkg install sslscan'

https://forum.pfsense.org/index.php?topic=94419.0

https://github.com/pfsense/pfsense/blob/master/usr/local/www/fbegin.inc

Mr Jingles also reported this double-widget thing with pfBlockerNG.
I can't make it happen. The widgets section of my config at home has:

<widgets><sequence>system_information-container:col1:show,openvpn-container:col1:show,captive_portal_status-container:col1:close,carp_status-container:col1:close,cpu_graphs-container:col1:close,gmirror_status-container:col1:close,installed_packages-container:col1:close,interface_statistics-container:col1:close,rss-container:col2:close,log-container:col2:show,gateways-container:col2:show,interfaces-container:col2:show,services_status-container:col2:show,ipsec-container:col2:close,load_balancer_status-container:col2:close,picture-container:col2:close,smart_status-container:col2:none,thermal_sensors-container:col2:close,wake_on_lan-container:col2:none,ntp_status-container:col2:none,dyn_dns_status-container:col2:show,traffic_graphs-container:col2:close,pfblockerng-container:col2:close</sequence> <trafficgraphs><shown>lan opt2</shown> <refreshinterval>9</refreshinterval> <scale_type>up</scale_type></trafficgraphs> <rssfeed>http://blog.pfsense.org</rssfeed> <rssmaxitems>10</rssmaxitems> <rsswidgetheight>300</rsswidgetheight> <rsswidgettextlength>140</rsswidgettextlength> <widget_snort_display_lines>23</widget_snort_display_lines> <gateways_widget><display_type>both_ip</display_type></gateways_widget> <filterlogentries>8</filterlogentries></widgets>

I am guessing that maybe the "sequence" tag is getting duplicate entries in it somehow?

What does your "widgets" section of the config contain?

Yes you can.

Geez, you really know how to make a guy feel stupid, don't you?  ;D  It never occurred to me that particular Save button did more than just the two options displayed.  I assumed the main GUI save was responsible for tracking widget display status & placement.  Duh.  There is still something going on that didn't go on before, but I'm not going to press it since you gave me a better solution.  Thanks again!

Status -> Interfaces
/usr/local/www/status_interfaces.php

Dashboard Interfaces
/usr/local/www/widgets/widgets/interfaces.widget.php

Dashboard Interface Statistics
/usr/local/www/widgets/widgets/interface_statistics.widget.php

Noone's talking about your pfSense LAN IP regarding DHCP. You need to change your LAN clients unless using DHCP!

That was quick! Thanks a lot doktornotor!

@jimp:

If the servers had the same cert and a DNS round-robin or LDAP proxy that did load balancing, perhaps.

Yes.

If you're talking about for OpenVPN, just define the second LDAP server and ctrl-click both servers in the OpenVPN settings and it'll try one then the other.

Yes, indeed. I thought that's not possible. Let me give a try.
Thanks!

No. But you can make a read-only user and grant it access to the dashboard and give them the login for that.

What worked

1. Downloaded the Cert + Key from the newly added cert 
2. Deleted the old one
3. Added the new cert back in

Either there was a problem adding it while the older one was still present, or adding it from the CSR did not work fully.

No, there's no magic setting anywhere.

config.xml is available on request.

Yess that will be my next action before i move to open vpn.
Thanks.

I actually meant as the <title>so it shows up in the text on the browser tab, but you provided enough info for me that I was able to get it working.<br /><br />I understand not everybody would want that and an option would be best. This is just for my home use so it's not really a concern for me and this makes things easier.<br /><br />Anyways thank you for your help, it was exactly what I needed.</title>

Thanks KOM, that explains what I'm seeing!  8)

Doktornotor, in my example (and a majority of my traffic) its all incoming traffic from the fiber connection.

Thanks again guys for the help!