But how do you what certificates it's associated with?

Keep in mind that the pfSense cert store isn't the only one that exists
Every Pad, Phone, PC, etc every device that makes TLS connections uses a system wide certificate file, here /usr/local/share/certs/ca-root-nss.crt - see also here /etc/ssl/certs/*

You've noticed that the pfSense Certificate store doesn't list all the certs found in /usr/local/share/certs/ca-root-nss.crt and that's good. If people start to mess with that list, thing will go downhill fast.

These are all 'auto signed' and are all the CAs that are 'trusted' out of the box. These lists are updated often as new trust chaines are signed (agreed upon) among the wold's ruling CA authorities.
These two folders are used when pfSense connects (as a client) to the (example) upgrade.netgate.com update/upgrade package server.

The pfSense Certificate store is a convenient place were the admin can keep the system's local certificates and intermediate certificates for the local server processes.

@chudak

Hey, your late to the party
Several others threads discuss the 'issue' already.
The solution is simple : delete it.

Btw : don't take "delete it" literal.
Of course I also wanted to say : get a pfSense config copy 'in case off'. And then delete it.

OK copy that

But how do you what certificates it's associated with?

Hey, your late to the party
Several others threads discuss the 'issue' already.
The solution is simple : delete it.

Btw : don't take "delete it" literal.
Of course I also wanted to say : get a pfSense config copy 'in case off'. And then delete it.