Free Trial
Contact Us

Knowledge Base

Knowledge BaseCertificate Installation

How to Install and Bind an SSL Certificate on pfSense? 

Updated on January 25, 2026
 

Overview: 

This guide provides the step‑by‑step process for importing a Certificate Authority (CA), installing a server SSL certificate, and binding it to the pfSense WebGUI for secure HTTPS access. 

Audience: 

Network administrators, security engineers, and IT professionals managing pfSense firewalls. 

Scope: 

This document covers the full certificate installation workflow, including CA import, certificate installation, and SSL binding within the pfSense interface using the official pfSense documentation as reference. 

Prerequisites 

Before you begin, ensure you have the following: 

  • Administrator access to the pfSense WebGUI 

  • The CA bundle (root + intermediate certificates) from your certificate authority 

  • The server certificate and corresponding private key (if CSR was generated externally) 

  • A configured pfSense environment 

 

Procedure to Install and Bind an SSL Certificate on pfSense 

 

pfSense manages certificates through System → Certificates, where you can create, import, and assign certificates. The general process is: 

  1. Import CA certificates (root + intermediate) 

  1. Import or create the server certificate 

  1. Assign the certificate to the pfSense WebGUI (HTTPS) 

 

Below are the detailed steps. 

  1. Import the Root and Intermediate Certificates 

If your certificate authority (CA) sent you a CA Bundle: 

  1. Go to: 
    System → Certificates → Authorities tab 

  1. Click + Add. 

 

  1. Set Descriptive name 

  1. Set Method = Import an existing Certificate Authority. 

  1. Paste the CA Bundle (root + intermediate certs) into Certificate Data. 

 

  1. Click Save. 

 

 

2. Install the Primary / Server Certificate 

If you generated the CSR in pfSense 

(You will see an entry for it already.) 

  1. Go to: 
    System → Certificates → Certificates tab 

  1. Click Edit next to the certificate. 

 

  1. Paste the signed certificate you received from the CA. 

  1. Click Update. 

 

  1. After that, it should show as below example 

 

 

If you generated the CSR elsewhere (OpenSSL, IIS, etc.) 

  1. Go to: 
    System → Certificates → Certificates 

  1. Click + Add/Sign. 

  1. Choose Import an existing Certificate. 

  1. Paste: 

  • Private Key 

  • Certificate 

  1. Click Save. 

 

 

3. Binding the SSL Certificate to pfSense WebGUI (HTTPS) 

Once the certificate is installed, assign it to the GUI: 

  1. Navigate to: 
    System → Advanced → Admin Access 

  1. Under WebGUI, set: 

  • Protocol: HTTPS 

  • SSL/TLS Certificate: Select the certificate you imported/created 

  1. Click Save. 

 

 

4. Verify SSL is Working 

  1. Open the pfSense URL from your browser 

  1. Check that: 

  • The browser shows no certificate warnings 

  • The certificate matches the host/IP/FQDN 

 

You're Done! 
 
Related Articles:  

Tags:  

Need help?

Need help making a purchase? Contact us today to get your certificate issued right away.

Live chat

Click the button below or click "Chat with an Expert" to start chatting with us now!

Start Chat

Call us today

United States
+1 888 266 6361
France
+33 3 66 72 95 95
Italy
+39 02 4792 1708
Spain
+34 900 838 451
Germany
+49 800 1002328
International
+1 914 732 844

Resources