Netgate Discussion Forum

    Is Cert Manager suitable for the job of handling internal CA?

    General pfSense Questions
      pete.s.

      We have an HA pfSense setup for our servers and I wonder if the Cert Manager is suitable for being an internal CA and signing certs for intranet websites, TLS client certificates, etc.?

      I know I can do it with openssl but it would be nice to have some kind of overview of what certs are in circulation, when they expire etc.

      So far I've only used the Cert Manager for OpenVPN which worked fine. But that is why I'm wondering if it also can handle whatever is needed for every other kind of cert or format commonly in use.

      I'd also like to leverage the HA we already have on our two pfSense servers.

        provels @pete.s.

        @pete-s
        I used it for a cert for pfSense and 2 servers on my home LAN to enable HTTPS, as well as OpenVPN. I think 2.5 is the first version that can renew a cert, though.

        Peder

        MAIN - pfSense+ 24.11-RELEASE - Adlink MXE-5401, i7, 16 GB RAM, 64 GB SSD. 500 GB HDD for SyslogNG
        BACKUP - pfSense+ 23.01-RELEASE - Hyper-V Virtual Machine, Gen 1, 2 v-CPUs, 3 GB RAM, 8GB VHDX (Dynamic)

          johnpoz LAYER 8 Global Moderator

          I have been using it as my CA for years and years.. Any certs I need internally I just create with the pfSense CA. Switches, NAS, UniFi controller, printer, pretty much anything that has an HTTPS GUI..

          Good thing is my certs are prob good for a long time still, even with browsers changing to very short certs.. Most of my certs are years old and still have like 5+ years left on them since I made them 10 year.. And they are grandfathered in on browsers ;)

          So yeah I would say it's more than capable of handling your cert needs.. Unless you're talking 100s or thousands of certs it pretty much is fully rounded in what you can do from the GUI.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11

            pete.s.

            @johnpoz @provels

            Thanks, that sounds good!

            The docs only really have one page of info on the Cert Manager. https://docs.netgate.com/pfsense/en/latest/certificates/certificate-management.html

            So I just wanted to make sure it has the features needed instead of trying to do something with it that it wasn't made for.

              pete.s.

              Found that there's also a pfSense hangout video and slides available specifically on the Cert Manager. Might be useful if you end up in this thread.

              https://www.slideshare.net/NetgateUSA/certificate-management-on-pfsense-24-pfsense-hangout-september-2017

              https://www.youtube.com/watch?v=x2efFe9xXxo

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.