How to generate a CSR with pfsense [SOLVED]
-
**Hello,
I want to use an external certificate for the pfSense captive portal
I buy SSL positive (By comodo) for the domain name electropro4545.click (which I own)
Following my purchase I received an e-mail asking me to log in to my account and submit the CSR to get my SSL certificate.
But a missing element is the ability of the pfSense Certification Authority to sign externally generated Certificate Signing Requests (CSRs).
How to generate a CSR with pfsensethanks for the answers**
-
Hi,
Openssl is present, enter console, option 8.
Then you have access to the command "openssl".
How to generate a CRS file, see doc from comodo or even openssl. This is not pfSense related.But, why do this the manual way ?? pfSense has a package called acme - it can handle all the details for you.
All you need is a domain name that you own - and you have it.And why posting your question in the Captive portal section ?
And why posting like this ? -
Hi,
Openssl is present, enter console, option 8.
Then you have access to the command "openssl".
How to generate a CRS file, see doc from comodo or even openssl. This is not pfSense related.But, why do this the manual way ?? pfSense has a package called acme - it can handle all the details for you.
All you need is a domain name that you own - and you have it.And why posting your question in the Captive portal section ?
And why posting like this ?I am sorry
thank you very much for your help,
With ACME, I managed to generate CRT, Exchange of personal information (.p12) and kye file but no CSR.
I should transfer my question to the apropriate section -
When you use "acme", a CSR is generated and you can find it here :
/tmp/acme/domain/domain/domain.csrDid you understand that when you use "acme" you do not need to use "SSL positive (By comodo)" anymore ?
The acme package generates with the help of Letenscrypt certificates for free.
-
When you use "acme", a CSR is generated and you can find it here :
/tmp/acme/domain/domain/domain.csrDid you understand that when you use "acme" you do not need to use "SSL positive (By comodo)" anymore ?
The acme package generates with the help of Letenscrypt certificates for free.
Thank you very much,
I canceled the purchase of the positive certificate, however, the certificates generated by LetsEncrypte are not validated by the browser as if they were self-signed by pfsense
Here are some details about the certificate obtained
certificate information: Can not verify this certificate with a trusted certificate authority
certification path:
This root CA certificate is not trusted because it is not part of the Trusted Root Certification Authority store.
screenshots showing more details on the certificate
big thanks to you
![emeeteur certificat.jpg](/public/imported_attachments/1/emeeteur certificat.jpg)
![emeeteur certificat.jpg_thumb](/public/imported_attachments/1/emeeteur certificat.jpg_thumb)
![chemin d'accès de certificat.jpg](/public/imported_attachments/1/chemin d'accès de certificat.jpg)
![chemin d'accès de certificat.jpg_thumb](/public/imported_attachments/1/chemin d'accès de certificat.jpg_thumb)
![chemin d'accès de certificaXt.jpg](/public/imported_attachments/1/chemin d'accès de certificaXt.jpg)
![chemin d'accès de certificaXt.jpg_thumb](/public/imported_attachments/1/chemin d'accès de certificaXt.jpg_thumb)
![etat de certificat.jpg](/public/imported_attachments/1/etat de certificat.jpg)
![etat de certificat.jpg_thumb](/public/imported_attachments/1/etat de certificat.jpg_thumb)
![The connection is not secure1.jpg](/public/imported_attachments/1/The connection is not secure1.jpg)
![The connection is not secure1.jpg_thumb](/public/imported_attachments/1/The connection is not secure1.jpg_thumb) -
You used the test facilities of Letsenscrypt.
That explains the "Fake Intermediate X1" certificate.
Generating these certificates is ok, for testing purposes. You can ask as many as you want - but they will not be trusted.Goto Services => Acme Certificate => Account keys, edit your certificate and select for "Acme Server" this "Let's Encrypt Production acme V1 (Applies rate limits to certificate requests".
-
You used the test facilities of Letsenscrypt.
That explains the "Fake Intermediate X1" certificate.
Generating these certificates is ok, for testing purposes. You can ask as many as you want - but they will not be trusted.Goto Services => Acme Certificate => Account keys, edit your certificate and select for "Acme Server" this "Let's Encrypt Production acme V1 (Applies rate limits to certificate requests".
thanks to you I solved the problem, I learned a lot of things
Thank you![Sans titre-2.jpg](/public/imported_attachments/1/Sans titre-2.jpg)
![Sans titre-2.jpg_thumb](/public/imported_attachments/1/Sans titre-2.jpg_thumb)
![Sans titre-1.jpg](/public/imported_attachments/1/Sans titre-1.jpg)
![Sans titre-1.jpg_thumb](/public/imported_attachments/1/Sans titre-1.jpg_thumb)