
pfSense: Create a custom certificate

http://blog.basementpctech.com/2012/02/webconfigurator-pfsense-basic-setup.html

From the pfSense menu, select System > Cert Manager to access the pfSense System Certificate Authority Manager.

Configure pfSense as a trusted Certificate Authority

* Ensure the CA tab is selected and click on the [ + ] to create the Certificate Authority.

16. From the “Method” pull-down, select “Create an internal Certificate Authority” and complete the following fields, pressing the “Save” button when finished.

Descriptive Name: Enter a name for CA

Method: Create an internal Certificate Authority

Key length: Keep at default (2048) bits

Lifetime: Keep at default (3650) days

Country Code: Change to your country

State or Province: Enter your State or Province

City: Enter your City

Organization: Enter what you want to display as the organization that the pfSense firewall belongs to. This could be a business name, household name or any other name you would like to display in the security certificate.

Email Address: Enter the email address that others can write to if they have questions about the security certificate.

Common Name: Enter a name for the CA security certificate.

17. Your pfSense firewall should now be configured as a trusted Certificate Authority.

18. Next we will configure the Internal Certificate. Click on the “Certificates” tab and then select “Create an internal Certificate” from the Method drop-down box. Many of the fields will be filled in automatically from what was entered in the CA tab. Just complete the following fields:

Descriptive name: Enter a name to describe the security certificate you are creating.

Certificate Type: From the drop down menu, select “Server Certificate”

Common Name: Enter the name of your firewall and domain i.e. firewall.mynetwork.com. If you or your client have a domain that will point to the firewall such as a static or dynamic DNS name, you can type that domain name here.

Press the “Save” button to save changes.

19. You should now see two security certificates under the “Certificates” tab: one that was created during the installation of pfSense and the one you just created. Currently only the security certificate created during the installation of pfSense is in use by the webConfigurator.

20. Next we will change pfSense to use the new security certificate we created for the webConfigurator. From the “System” menu, select “Advanced”.

21. The System: Advanced screen should now be displayed. On the “Admin Access” tab, find the following settings:

Protocol: Ensure “HTTPS” is selected

SSL Certificate: In the drop-down menu, change the SSL certificate to the internal certificate made in the previous steps.

TCP port: Change the port to 445. The port is changed from the standard 443 to 445 to free up port 443 for future use. Hint: VPN connections on port 443 are sure to be allowed out from anywhere you may be when on the road, if you later decide to configure remote VPN access.

Secure Shell Server: Enable Secure Shell. This allows remote console access to your firewall.

Press the “Save” button to save changes.

22. Once you save the changes on the System: Advanced - Admin Access tab, pfSense will switch to the new security certificate, causing your browser to display the Security Certificate Warning again. This is to be expected, since we configured pfSense to use the new security certificate we created. This time, if you look at the details of the security certificate, it should display the identifying information contained in the new security certificate.

23. You may also notice that pfSense now has an alert displayed in the upper right-hand corner of your screen. The alert is to notify you that pfSense has created the keys required for your SSH communication. This is the result of enabling the Secure Shell Server option on the System: Advanced - Admin Access tab. Click the alert to acknowledge the change and the alert should disappear.
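
The CA and server certificate from steps 16 to 18, re-created offline with the openssl CLI as an added example (not from the original page or from pfSense), together with the check behind the warning in step 22: the certificate validates only against the CA that issued it. Example-CA, Example Org and the server certificate lifetime are assumptions; firewall.mynetwork.com is the page's sample name.

```shell
# Added example: steps 16-18 re-created offline with the openssl CLI.
# Example-CA and Example Org are constructed names.

# build_pki DIR: internal CA (2048-bit key, 3650 days) plus a server
# certificate signed by it. The server lifetime is an assumption.
build_pki() {
    d=$1
    mkdir -p "$d" || return 1
    # Own config, so nothing depends on the system openssl.cnf.
    printf '%s\n' '[req]' 'prompt=no' 'distinguished_name=dn' \
        '[dn]' 'C=US' 'O=Example Org' 'CN=Example-CA' \
        '[ca_ext]' 'basicConstraints=critical,CA:TRUE' \
        'keyUsage=critical,keyCertSign,cRLSign' \
        '[srv_ext]' 'basicConstraints=CA:FALSE' \
        'extendedKeyUsage=serverAuth' \
        'subjectAltName=DNS:firewall.mynetwork.com' > "$d/pki.cnf"
    # Step 16: self-signed CA certificate.
    openssl req -x509 -config "$d/pki.cnf" -extensions ca_ext \
        -newkey rsa:2048 -nodes -days 3650 \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 1
    # Step 18: server key and signing request; CN is the firewall's DNS name.
    openssl req -new -config "$d/pki.cnf" -newkey rsa:2048 -nodes \
        -subj "/C=US/O=Example Org/CN=firewall.mynetwork.com" \
        -keyout "$d/fw.key" -out "$d/fw.csr" 2>/dev/null || return 1
    # The CA signs the request with "Server Certificate" extensions.
    openssl x509 -req -in "$d/fw.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 3650 -extfile "$d/pki.cnf" \
        -extensions srv_ext -out "$d/fw.crt" 2>/dev/null
}

# chains_to CAFILE CERT: succeeds only if CERT validates against CAFILE.
chains_to() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# cert_cn CERT: print the subject Common Name of CERT.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# Demo run in a throwaway directory.
tmp=$(mktemp -d) && build_pki "$tmp" && chains_to "$tmp/ca.crt" "$tmp/fw.crt" \
    && echo "fw.crt ($(cert_cn "$tmp/fw.crt")) chains to ca.crt"
rm -rf "$tmp"
```

The same `chains_to` check can be run against the CA certificate and server certificate exported from the Cert Manager.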

certificates/pfsense-create-custom-certificate.txt · Last modified: 2012-09-27 18:32 (external edit)