<![CDATA[How to generate a CSR with pfsense [SOLVED]]]>**Hello,
I want to use an external certificate for the pfSense captive portal
I buy SSL positive (By comodo) for the domain name electropro4545.click (which I own)
Following my purchase I received an e-mail asking me to log in to my account and submit the CSR to get my SSL certificate.
But a missing element is the ability of the pfSense Certification Authority to sign externally generated Certificate Signing Requests (CSRs).
How to generate a CSR with pfsense

thanks for the answers**

]]>https://forum.netgate.com/topic/128077/how-to-generate-a-csr-with-pfsense-solvedRSS for NodeSun, 07 Jun 2026 07:28:08 GMTSun, 11 Mar 2018 18:01:31 GMT60<![CDATA[Reply to How to generate a CSR with pfsense [SOLVED] on Wed, 14 Mar 2018 10:04:19 GMT]]>@Gertjan:

You used the test facilities of Letsenscrypt.
That explains the "Fake Intermediate X1" certificate.
Generating these certificates is ok, for testing purposes. You can ask as many as you want - but they will not be trusted.

Goto Services => Acme Certificate => Account keys, edit your certificate and select for "Acme Server" this "Let's Encrypt Production acme V1 (Applies rate limits to certificate requests".

thanks to you I solved the problem, I learned a lot of things
Thank you

![Sans titre-2.jpg](/public/imported_attachments/1/Sans titre-2.jpg)
![Sans titre-2.jpg_thumb](/public/imported_attachments/1/Sans titre-2.jpg_thumb)
![Sans titre-1.jpg](/public/imported_attachments/1/Sans titre-1.jpg)
![Sans titre-1.jpg_thumb](/public/imported_attachments/1/Sans titre-1.jpg_thumb)

]]>https://forum.netgate.com/post/755062https://forum.netgate.com/post/755062Wed, 14 Mar 2018 10:04:19 GMT<![CDATA[Reply to How to generate a CSR with pfsense [SOLVED] on Mon, 12 Mar 2018 20:52:18 GMT]]>You used the test facilities of Letsenscrypt.
That explains the "Fake Intermediate X1" certificate.
Generating these certificates is ok, for testing purposes. You can ask as many as you want - but they will not be trusted.

Goto Services => Acme Certificate => Account keys, edit your certificate and select for "Acme Server" this "Let's Encrypt Production acme V1 (Applies rate limits to certificate requests".

]]>https://forum.netgate.com/post/755022https://forum.netgate.com/post/755022Mon, 12 Mar 2018 20:52:18 GMT<![CDATA[Reply to How to generate a CSR with pfsense [SOLVED] on Mon, 12 Mar 2018 18:59:03 GMT]]>@Gertjan:

When you use "acme", a CSR is generated and you can find it here :
/tmp/acme/domain/domain/domain.csr

Did you understand that when you use "acme" you do not need to use "SSL positive (By comodo)" anymore ?

The acme package generates with the help of Letenscrypt certificates for free.

Thank you very much,
I canceled the purchase of the positive certificate, however, the certificates generated by LetsEncrypte are not validated by the browser as if they were self-signed by pfsense
Here are some details about the certificate obtained
certificate information: Can not verify this certificate with a trusted certificate authority
certification path:
This root CA certificate is not trusted because it is not part of the Trusted Root Certification Authority store.
screenshots showing more details on the certificate
big thanks to you

Certificatjpg.jpg
Certificatjpg.jpg_thumb
![emeeteur certificat.jpg](/public/imported_attachments/1/emeeteur certificat.jpg)
![emeeteur certificat.jpg_thumb](/public/imported_attachments/1/emeeteur certificat.jpg_thumb)
details.jpg
details.jpg_thumb
![chemin d'accès de certificat.jpg](/public/imported_attachments/1/chemin d'accès de certificat.jpg)
![chemin d'accès de certificat.jpg_thumb](/public/imported_attachments/1/chemin d'accès de certificat.jpg_thumb)
![chemin d'accès de certificaXt.jpg](/public/imported_attachments/1/chemin d'accès de certificaXt.jpg)
![chemin d'accès de certificaXt.jpg_thumb](/public/imported_attachments/1/chemin d'accès de certificaXt.jpg_thumb)
![etat de certificat.jpg](/public/imported_attachments/1/etat de certificat.jpg)
![etat de certificat.jpg_thumb](/public/imported_attachments/1/etat de certificat.jpg_thumb)
![The connection is not secure1.jpg](/public/imported_attachments/1/The connection is not secure1.jpg)
![The connection is not secure1.jpg_thumb](/public/imported_attachments/1/The connection is not secure1.jpg_thumb)

]]>https://forum.netgate.com/post/755006https://forum.netgate.com/post/755006Mon, 12 Mar 2018 18:59:03 GMT<![CDATA[Reply to How to generate a CSR with pfsense [SOLVED] on Mon, 12 Mar 2018 12:54:37 GMT]]>When you use "acme", a CSR is generated and you can find it here :
/tmp/acme/domain/domain/domain.csr

Did you understand that when you use "acme" you do not need to use "SSL positive (By comodo)" anymore ?

The acme package generates with the help of Letenscrypt certificates for free.

]]>https://forum.netgate.com/post/754922https://forum.netgate.com/post/754922Mon, 12 Mar 2018 12:54:37 GMT<![CDATA[Reply to How to generate a CSR with pfsense [SOLVED] on Mon, 12 Mar 2018 12:01:58 GMT]]>@Gertjan:

Hi,

Openssl is present, enter console, option 8.
Then you have access to the command "openssl".
How to generate a CRS file, see doc from comodo or even openssl. This is not pfSense related.

But, why do this the manual way ?? pfSense has a package called acme - it can handle all the details for you.
All you need is a domain name that you own - and you have it.

And why posting your question in the Captive portal section ?
And why posting like this ?

I am sorry
thank you very much for your help,
With ACME, I managed to generate CRT, Exchange of personal information (.p12) and kye file but no CSR.
I should transfer my question to the apropriate section

]]>https://forum.netgate.com/post/754911https://forum.netgate.com/post/754911Mon, 12 Mar 2018 12:01:58 GMT<![CDATA[Reply to How to generate a CSR with pfsense [SOLVED] on Sun, 11 Mar 2018 20:57:38 GMT]]>Hi,

Openssl is present, enter console, option 8.
Then you have access to the command "openssl".
How to generate a CRS file, see doc from comodo or even openssl. This is not pfSense related.

But, why do this the manual way ?? pfSense has a package called acme - it can handle all the details for you.
All you need is a domain name that you own - and you have it.

And why posting your question in the Captive portal section ?
And why posting like this ?

]]>https://forum.netgate.com/post/754834https://forum.netgate.com/post/754834Sun, 11 Mar 2018 20:57:38 GMT