Is it safe to delete the default CA for the WebUI once you have something else



  • First off sorry if I posted this in the wrong place

    I have finally gotten around to importing the root cert from my Windows Server 2012 R2 CA (for my local domain). I also I have the CA for my VPN gateway configured as well as the default one pfSense generates at install (at least, I think that's where it came from I don't remember creating it myself).

    I would like to know, now that I have two CA's that are trusted on my network configured is it safe to delete the default pfSense one? It has no certificates generated against it.

    Also, seeing as I am now using a SSL cert generated against my Win2k12 R2 CA to secure the connection to the UI can I delete the default cert pfSense generates for that purpose as well?

    Thanks in advance


  • Rebel Alliance Developer Netgate

    There isn't a "default" CA for pfSense. The GUI uses a self-signed certificate (no CA) by default. If you put in your own CA and do not use a CA listed on pfSense for anything, you can delete it.

    You can also delete the default WebGUI certificate if you no longer use it.



  • Ok good to know. It's been a year since I did the initial setup of this thing so my memory of the defaults is a little foggy. The naming of the CA led me to believe it was a default config.

    Anyway, thanks for the reply.

    You can close this topic now


Log in to reply