How to generate a CSR with pfsense [SOLVED]



  • **Hello,
    I want to use an external certificate for the pfSense captive portal.
    I bought SSL positive (By comodo) for the domain name electropro4545.click (which I own).
    Following my purchase I received an e-mail asking me to log in to my account and submit the CSR to get my SSL certificate.
    But a missing element is the ability of the pfSense Certification Authority to sign externally generated Certificate Signing Requests (CSRs).
    How to generate a CSR with pfSense?

    thanks for the answers**



  • Hi,

    OpenSSL is present: enter the console, option 8.
    Then you have access to the command "openssl".
    How to generate a CSR file: see the docs from Comodo or even OpenSSL. This is not pfSense related.

    But why do this the manual way? pfSense has a package called acme - it can handle all the details for you.
    All you need is a domain name that you own - and you have it.

    And why post your question in the Captive portal section?
    And why post like this?
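
Added example (not part of the original posts): generating a key and CSR with the `openssl` command mentioned above, then checking the CSR before it is submitted to a CA. The helper names `make_csr` and `check_csr`, the RSA 2048 / SHA-256 choice and the output directory are assumptions; the domain is the one from the thread.

```shell
#!/bin/sh
# Added example, not from the thread. make_csr/check_csr are hypothetical helper names.

# Create a private key and a CSR for one domain (CN + subjectAltName).
make_csr() (
    domain="$1"; outdir="$2"
    umask 077                      # key file readable by owner only
    mkdir -p "$outdir" || exit 1
    cnf="$outdir/$domain.cnf"
    cat > "$cnf" <<EOF
[ req ]
prompt = no
distinguished_name = dn
req_extensions = ext
[ dn ]
CN = $domain
[ ext ]
subjectAltName = DNS:$domain
EOF
    # Assumption: RSA 2048 / SHA-256; check what your CA accepts.
    openssl req -new -newkey rsa:2048 -nodes -sha256 -config "$cnf" \
        -keyout "$outdir/$domain.key" -out "$outdir/$domain.csr" 2>/dev/null
)

# Verify a CSR before submitting it: self-signature, SAN, and key match.
check_csr() {
    csr="$1"; key="$2"; domain="$3"
    # Grep the message: older openssl builds exit 0 even on a bad signature.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q "verify OK" || return 1
    openssl req -in "$csr" -noout -text | grep -q "DNS:$domain" || return 1
    csr_pub=$(openssl req -in "$csr" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout) || return 1
    [ "$csr_pub" = "$key_pub" ]    # CSR must carry this key's public half
}

# Run only when a domain is given, e.g.: sh csr.sh electropro4545.click /root/csr
if [ -n "${1:-}" ]; then
    dir="${2:-.}"
    make_csr "$1" "$dir" && check_csr "$dir/$1.csr" "$dir/$1.key" "$1" \
        && echo "CSR ready: $dir/$1.csr"
fi
```

Only the `.csr` file is sent to the CA; the `.key` file stays on the firewall and is imported together with the issued certificate.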



  • @Gertjan:

    Hi,

    OpenSSL is present: enter the console, option 8.
    Then you have access to the command "openssl".
    How to generate a CSR file: see the docs from Comodo or even OpenSSL. This is not pfSense related.

    But why do this the manual way? pfSense has a package called acme - it can handle all the details for you.
    All you need is a domain name that you own - and you have it.

    And why post your question in the Captive portal section?
    And why post like this?

    I am sorry
    thank you very much for your help,
    With ACME, I managed to generate the CRT, the Personal Information Exchange (.p12) and the key file, but no CSR.
    I should transfer my question to the appropriate section.



    When you use "acme", a CSR is generated and you can find it here:
    /tmp/acme/domain/domain/domain.csr

    Did you understand that when you use "acme" you do not need to use "SSL positive (By comodo)" anymore?

    The acme package generates certificates for free with the help of Let's Encrypt.



  • @Gertjan:

    When you use "acme", a CSR is generated and you can find it here:
    /tmp/acme/domain/domain/domain.csr

    Did you understand that when you use "acme" you do not need to use "SSL positive (By comodo)" anymore?

    The acme package generates certificates for free with the help of Let's Encrypt.

    Thank you very much,
    I canceled the purchase of the positive certificate; however, the certificates generated by Let's Encrypt are not validated by the browser, as if they were self-signed by pfSense.
    Here are some details about the certificate obtained:
    certificate information: Cannot verify this certificate with a trusted certificate authority
    certification path:
    This root CA certificate is not trusted because it is not part of the Trusted Root Certification Authority store.
    Screenshots showing more details on the certificate:
    Big thanks to you



    ![emeeteur certificat.jpg](/public/imported_attachments/1/emeeteur certificat.jpg)
    ![chemin d'accès de certificat.jpg](/public/imported_attachments/1/chemin d'accès de certificat.jpg)
    ![chemin d'accès de certificaXt.jpg](/public/imported_attachments/1/chemin d'accès de certificaXt.jpg)
    ![etat de certificat.jpg](/public/imported_attachments/1/etat de certificat.jpg)
    ![The connection is not secure1.jpg](/public/imported_attachments/1/The connection is not secure1.jpg)



  • You used the test facilities of Let's Encrypt.
    That explains the "Fake Intermediate X1" certificate.
    Generating these certificates is OK for testing purposes. You can ask for as many as you want - but they will not be trusted.

    Go to Services => Acme Certificate => Account keys, edit your certificate and select for "Acme Server" this: "Let's Encrypt Production acme V1 (Applies rate limits to certificate requests)".



  • @Gertjan:

    You used the test facilities of Let's Encrypt.
    That explains the "Fake Intermediate X1" certificate.
    Generating these certificates is OK for testing purposes. You can ask for as many as you want - but they will not be trusted.

    Go to Services => Acme Certificate => Account keys, edit your certificate and select for "Acme Server" this: "Let's Encrypt Production acme V1 (Applies rate limits to certificate requests)".

    Thanks to you I solved the problem; I learned a lot of things.
    Thank you

    ![Sans titre-2.jpg](/public/imported_attachments/1/Sans titre-2.jpg)
    ![Sans titre-1.jpg](/public/imported_attachments/1/Sans titre-1.jpg)