How to add Certificate Types - pfSense

Introduction In standard installation of pfSense you can only create CA, Intermediate CA, User and server Certificates If you want to...

Introduction

In standard installation of pfSense you can only create CA, Intermediate CA, User and server Certificates
If you want to create other types of certificate you will need to add some info to 3 files

Steps (3 total)

1

Add certificate info at the end of /etc/ssl/openssl.cnf

[ cert_type ]
subjectKeyIdentifier=hash
basicConstraints = CA:FALSE
keyUsage = digitalSignature
extendedKeyUsage = codeSigning, msCodeInd, msCodeCom
nsCertType = client, email, objsign

2

Add the cert_type to /etc/inc/certs.inc

You will need to search for switch ($type) {
in this switch you add a new case
case "customtype":
$cert_type = "cert_type";
break;

result:
switch ($type) {
case "ca":
$cert_type = "v3_ca";
break;
case "server":
case "self-signed":
$cert_type = "server";
break;
case "customtype":
$cert_type = "cert_type";
break;
default:
$cert_type = "usr_cert";
break;
}

3

Add the Type to /usr/local/www/system_certmanager.php

In this step you give the certificate type a name in the Web-ui
search for: $cert_types = array(
add: "customtype" => "custom type",

Result:
======
$cert_types = array( "ca" => "Certificate Authority",
"server" => "Server Certificate",
"customtype" => "custom type",
"user" => "User Certificate");

Conclusion

From this moment on you can simply create your new type of certificate using de web GUI

References

• Cryptography and SSL/TLS Toolkit - Documentation
• Creating OpenSSL Code Signing Certs on Windows