@stephenw10 I still have more questions. I access pfSense through a browser that is on my network. To secure the connection between my browser on my PC and pfSense's webGUI I need to configure a certificate issued by my CA inside pfSense? My browser still shows (Error code: SEC_ERROR_UNKNOWN_ISSUER) when I access pfSense's webGUI. This is not a globally recognized CA; this is a private CA running within my local network.
https://smallstep.com/certificates/
My current understanding of setting up certificate authentication is as follows:
Certificate Authority generates the root certificate.
Root certificate or root fingerprint needs to be uploaded and installed on each individual server that trusts the CA.
Each server then needs to be issued a certificate from the CA.
Each service within the server needs to be configured to use that certificate issued by the CA.
After this, if you have the root fingerprint or root certificate installed on your client, you will trust all certificates issued by the CA.
I'm still looking for specific advice on configuration.
What is the difference between a root certificate and a root fingerprint? Can I paste my CA's root fingerprint directly into the 'certificate data' field? Then just upload a certificate that my CA issues into pfSense.
How should I handle Certificate Signing Requests in pfSense? After generating a CSR in pfSense, what is the correct process to get it signed by my private CA and correctly installed?
Is having a certificate signed equivalent to being issued a certificate by the CA?
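
The root certificate, CSR, issued certificate and root fingerprint asked about above can be seen side by side in the following added example, which is not part of the original post. It assumes OpenSSL as a stand-in for both the private CA and the device that generates the CSR, and all names in it are constructed.

```shell
# Added example: OpenSSL stands in for the private CA and for the CSR form.
# Every name here (Example Home Root CA, fw.home.example) is constructed.
set -eu

make_pki() {  # $1 = empty working directory
  w=$1
  cat > "$w/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Home Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  # 1. CA side: private key plus self-signed root certificate (the trust anchor).
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$w/req.cnf" \
    -keyout "$w/root.key" -out "$w/root.crt" 2>/dev/null
  # 2. Server side: key pair plus CSR. The CSR holds the public key and name only.
  openssl req -new -newkey rsa:2048 -nodes -config "$w/req.cnf" \
    -subj "/CN=fw.home.example" -keyout "$w/fw.key" -out "$w/fw.csr" 2>/dev/null
  # 3. CA side: sign the CSR. The output is the issued certificate.
  printf 'subjectAltName = DNS:fw.home.example\n' > "$w/san.cnf"
  openssl x509 -req -in "$w/fw.csr" -CA "$w/root.crt" -CAkey "$w/root.key" \
    -CAcreateserial -days 30 -sha256 -extfile "$w/san.cnf" -out "$w/fw.crt" 2>/dev/null
}

# SHA-256 digest of the certificate: identifies the root, contains no key.
root_fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 |
    cut -d= -f2 | tr -d ':' | tr 'A-F' 'a-f'
}

# Does the issued certificate ($2) chain to the root ($1)?
chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# Does the certificate ($1) carry the public half of the private key ($2)?
key_matches() {
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

dir=$(mktemp -d)
make_pki "$dir"
chain_ok "$dir/root.crt" "$dir/fw.crt" && key_matches "$dir/fw.crt" "$dir/fw.key"
echo "root fingerprint: $(root_fingerprint "$dir/root.crt")"
```

In this sketch `root.crt` is the file a client would import to stop seeing an unknown-issuer error for certificates signed by this root, while the fingerprint is only a digest used to confirm that the right `root.crt` was received.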