Netgate Discussion Forum

    How to generate a CSR with pfsense [SOLVED]

    Captive Portal
    • fmohcine26

      Hello,
      I want to use an external certificate for the pfSense captive portal.
      I bought SSL positive (by Comodo) for the domain name electropro4545.click (which I own).
      Following my purchase I received an e-mail asking me to log in to my account and submit the CSR to get my SSL certificate.
      But a missing element is the ability of the pfSense Certification Authority to sign externally generated Certificate Signing Requests (CSRs).
      How to generate a CSR with pfSense?

      Thanks for the answers.

      • Gertjan

        Hi,

        Openssl is present, enter console, option 8.
        Then you have access to the command "openssl".
        How to generate a CSR file: see the docs from Comodo or even openssl. This is not pfSense related.

        But, why do this the manual way ?? pfSense has a package called acme - it can handle all the details for you.
        All you need is a domain name that you own - and you have it.

        And why posting your question in the Captive portal section ?
        And why posting like this ?

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??
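
The manual route mentioned in the reply above, as an added example that is not part of the original post: a POSIX sh function that creates a private key and a CSR with openssl and checks the CSR's self-signature before it is handed to a CA. The names `make_csr` and `show_csr`, the output file names and the RSA-2048 choice are assumptions; the domain is the one from the question.

```shell
#!/bin/sh
# Added example: generate a private key and a CSR for one hostname with openssl.
# make_csr/show_csr, the file names and RSA-2048 are assumptions for illustration.

# The body runs in a subshell so the umask change does not leak to the caller.
make_csr() (
    domain="$1"; outdir="$2"
    key="$outdir/$domain.key"; csr="$outdir/$domain.csr"; cnf="$outdir/$domain.cnf"

    # The private key stays on this host; create it unreadable for other users.
    umask 077

    # Request config: put the hostname in subjectAltName as well as in the CN,
    # because browsers match the name against the SAN.
    cat > "$cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
req_extensions = ext
[dn]
CN = $domain
[ext]
subjectAltName = DNS:$domain
EOF

    # -nodes leaves the key unencrypted so a service can load it unattended.
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -config "$cnf" -keyout "$key" -out "$csr" 2>/dev/null || exit 1

    # Verify the CSR's self-signature. Match on the message rather than the
    # exit status, which older openssl builds leave at 0 even on failure.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' || exit 1
    printf '%s\n' "$csr"
)

# Human-readable dump of what the CA will see (subject, SAN, key size).
show_csr() {
    openssl req -in "$1" -noout -text
}
```

Only the `.csr` file is submitted to the CA; the `.key` file is what gets imported alongside the issued certificate later.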

        • fmohcine26

          @Gertjan:

          Hi,

          Openssl is present, enter console, option 8.
          Then you have access to the command "openssl".
          How to generate a CSR file: see the docs from Comodo or even openssl. This is not pfSense related.

          But, why do this the manual way ?? pfSense has a package called acme - it can handle all the details for you.
          All you need is a domain name that you own - and you have it.

          And why posting your question in the Captive portal section ?
          And why posting like this ?

          I am sorry.
          Thank you very much for your help.
          With ACME, I managed to generate CRT, Exchange of personal information (.p12) and key file but no CSR.
          I should transfer my question to the appropriate section.

          • Gertjan

            When you use "acme", a CSR is generated and you can find it here :
            /tmp/acme/domain/domain/domain.csr

            Did you understand that when you use "acme" you do not need to use "SSL positive (By comodo)" anymore ?

            The acme package generates certificates for free, with the help of Let's Encrypt.

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

            • fmohcine26

              @Gertjan:

              When you use "acme", a CSR is generated and you can find it here :
              /tmp/acme/domain/domain/domain.csr

              Did you understand that when you use "acme" you do not need to use "SSL positive (By comodo)" anymore ?

              The acme package generates certificates for free, with the help of Let's Encrypt.

              Thank you very much.
              I canceled the purchase of the positive certificate; however, the certificates generated by Let's Encrypt are not validated by the browser, as if they were self-signed by pfSense.
              Here are some details about the certificate obtained:
              Certificate information: Can not verify this certificate with a trusted certificate authority
              Certification path:
              This root CA certificate is not trusted because it is not part of the Trusted Root Certification Authority store.
              Screenshots showing more details on the certificate.
              Big thanks to you.


              • Gertjan

                You used the test facilities of Let's Encrypt.
                That explains the "Fake Intermediate X1" certificate.
                Generating these certificates is ok, for testing purposes. You can ask as many as you want - but they will not be trusted.

                Go to Services => Acme Certificate => Account keys, edit your certificate and select for "Acme Server" this "Let's Encrypt Production acme V1 (Applies rate limits to certificate requests)".

                No "help me" PM's please. Use the forum, the community will thank you.
                Edit : and where are the logs ??
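
A check for the situation diagnosed in the reply above, as an added example that is not part of the original post: a POSIX sh function that reads a certificate's issuer with openssl and reports whether it came from a staging CA, is self-signed, or neither. `issuer_kind` and `make_sample` are hypothetical names, the issuer patterns ("Fake ... Intermediate" as quoted in the thread, plus a "(STAGING)" prefix) are assumptions, and the sample certificates are constructed locally.

```shell
#!/bin/sh
# Added example: classify a certificate by its issuer name.
# issuer_kind and make_sample are hypothetical helpers for illustration.

issuer_kind() {
    issuer=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253) || return 1
    subject=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253) || return 1
    case "$issuer" in
        # Assumed staging markers: the "Fake ... Intermediate" name seen in
        # this thread, or a "(STAGING)" prefix in the issuer CN.
        *Fake*Intermediate*|*"(STAGING)"*) echo staging ;;
        *)  # Same issuer and subject means the certificate signed itself.
            if [ "${issuer#issuer=}" = "${subject#subject=}" ]; then
                echo self-signed
            else
                echo other
            fi ;;
    esac
}

# Constructed sample data: a throwaway CA with the given CN signs a leaf
# certificate for the domain from the thread. Nothing here contacts a real CA.
make_sample() {
    dir="$1"; ca_cn="$2"
    # Minimal config so the commands do not depend on a system openssl.cnf.
    printf '[req]\ndistinguished_name = dn\n[dn]\n' > "$dir/min.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$dir/min.cnf" \
        -subj "/CN=$ca_cn" -keyout "$dir/ca.key" -out "$dir/ca.pem" \
        2>/dev/null || return 1
    openssl req -new -newkey rsa:2048 -nodes -config "$dir/min.cnf" \
        -subj "/CN=electropro4545.click" -keyout "$dir/leaf.key" \
        -out "$dir/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 1 -out "$dir/leaf.pem" 2>/dev/null || return 1
}
```

Run `issuer_kind` on the certificate file the acme package wrote before assigning it to the captive portal; `staging` means the account key still points at the test server.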

                • fmohcine26

                  @Gertjan:

                  You used the test facilities of Let's Encrypt.
                  That explains the "Fake Intermediate X1" certificate.
                  Generating these certificates is ok, for testing purposes. You can ask as many as you want - but they will not be trusted.

                  Go to Services => Acme Certificate => Account keys, edit your certificate and select for "Acme Server" this "Let's Encrypt Production acme V1 (Applies rate limits to certificate requests)".

                  Thanks to you I solved the problem, I learned a lot of things.
                  Thank you.


                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.