In OPNsense, certificates are used for ensuring trust between peers. To make using them easier, OPNsense allows creating
certificates from the front-end. In addition to that, it also allows creating certificates for other purposes,
avoiding the need to use the
openssl command line tool. Certificates in OPNsense can be managed from
Examples of OPNsense components that use certificates: * OpenVPN * IPsec * Captive Portal * Web Proxy
The following types of certificate can be generated in OPNsense:
- Combined Client/Server
- Certificate Authority
In addition to this, OPNsense can generate a Certificate Signing Request (CSR). This can be used if you want to create a certficate signed by an external CA.
Make sure that you select the correct certificate type, as many clients will refuse connection (or at least show errors) if an incorrect certificate type is used. For example, you can use either a server certificate or a combined client/server certificate to secure the connection to the web interface, but not a CA or client certificate.
In Setup Self-Signed Certificate Chains with OPNsense you will find examples of how to setup certificate chains yourself.