How to generate a CSR with pfsense [SOLVED]
-
**Hello,
I want to use an external certificate for the pfSense captive portal
I buy SSL positive (By comodo) for the domain name electropro4545.click (which I own)
Following my purchase I received an e-mail asking me to log in to my account and submit the CSR to get my SSL certificate.
But a missing element is the ability of the pfSense Certification Authority to sign externally generated Certificate Signing Requests (CSRs).
How to generate a CSR with pfsensethanks for the answers**
-
Hi,
Openssl is present, enter console, option 8.
Then you have access to the command "openssl".
How to generate a CRS file, see doc from comodo or even openssl. This is not pfSense related.But, why do this the manual way ?? pfSense has a package called acme - it can handle all the details for you.
All you need is a domain name that you own - and you have it.And why posting your question in the Captive portal section ?
And why posting like this ? -
Hi,
Openssl is present, enter console, option 8.
Then you have access to the command "openssl".
How to generate a CRS file, see doc from comodo or even openssl. This is not pfSense related.But, why do this the manual way ?? pfSense has a package called acme - it can handle all the details for you.
All you need is a domain name that you own - and you have it.And why posting your question in the Captive portal section ?
And why posting like this ?I am sorry
thank you very much for your help,
With ACME, I managed to generate CRT, Exchange of personal information (.p12) and kye file but no CSR.
I should transfer my question to the apropriate section -
When you use "acme", a CSR is generated and you can find it here :
/tmp/acme/domain/domain/domain.csrDid you understand that when you use "acme" you do not need to use "SSL positive (By comodo)" anymore ?
The acme package generates with the help of Letenscrypt certificates for free.
-
When you use "acme", a CSR is generated and you can find it here :
/tmp/acme/domain/domain/domain.csrDid you understand that when you use "acme" you do not need to use "SSL positive (By comodo)" anymore ?
The acme package generates with the help of Letenscrypt certificates for free.
Thank you very much,
I canceled the purchase of the positive certificate, however, the certificates generated by LetsEncrypte are not validated by the browser as if they were self-signed by pfsense
Here are some details about the certificate obtained
certificate information: Can not verify this certificate with a trusted certificate authority
certification path:
This root CA certificate is not trusted because it is not part of the Trusted Root Certification Authority store.
screenshots showing more details on the certificate
big thanks to you
 -
You used the test facilities of Letsenscrypt.
That explains the "Fake Intermediate X1" certificate.
Generating these certificates is ok, for testing purposes. You can ask as many as you want - but they will not be trusted.Goto Services => Acme Certificate => Account keys, edit your certificate and select for "Acme Server" this "Let's Encrypt Production acme V1 (Applies rate limits to certificate requests".
-
You used the test facilities of Letsenscrypt.
That explains the "Fake Intermediate X1" certificate.
Generating these certificates is ok, for testing purposes. You can ask as many as you want - but they will not be trusted.Goto Services => Acme Certificate => Account keys, edit your certificate and select for "Acme Server" this "Let's Encrypt Production acme V1 (Applies rate limits to certificate requests".
thanks to you I solved the problem, I learned a lot of things
Thank you
