pfSense Certificates - CA and TLS Management

The pfSense Certificate Manager (System > Certificates) provides complete public key infrastructure (PKI) management directly from the web interface. It supports creating and maintaining Certificate Authorities (CAs), server and client certificates, and Certificate Revocation Lists (CRLs). Certificates are used to secure the web GUI, authenticate VPN connections, validate user identities, and encrypt traffic between network nodes.

Proper PKI organization is fundamental to network infrastructure security. If a Certificate Authority's private key is compromised, every certificate issued by that CA becomes untrustworthy. Pay special attention to protecting CAs and to maintaining separate trust domains for different services.

In This Section

  • Certificate Management - creating an internal CA, server and client certificates, importing external certificates, Certificate Revocation Lists (CRL), and Let’s Encrypt automation via ACME