Differences

This shows you the differences between two versions of the page.

--- pfsense:certificates:create_a_server_certificate [2022/08/18 07:50] – created 185.198.243.242
+++ pfsense:certificates:create_a_server_certificate [2022/08/18 08:02] (current) – [Create the Server Certificate] 185.198.243.242
@@ Line 1: / Line 1: @@
 ====== PFSense - Certificates - Create a Server Certificate ======
+A Server certificate (SSL certificates) is used to authenticate the identity of a server.
+----
+===== Create the Server Certificate =====
+Navigate to **System -> Cert Manager**.
+  * Select the **Certificates** tab and create a Server Certificate by pressing the **“+”** button.
+In **Add/Sign a New Certificate**:
+  * Method: **Create an Internal Certificate**.
+  * Descriptive Name: **ShareWiz OpenVPN**.
+In **Internal Certificate**:
+  * Certificate authority:  **ShareWiz OpenVPN CA**.
+  * Key Type: **RSA**.
+  * Key length: **2048 bit**.
+  * Digest Algorithm:  **SHA 256**.
+  * Lifetime: 397. **(1 year)**.
+  * Common Name: **ShareWiz - OpenVPN CA**.
+  * Country Code: **JE**.
+  * State or Province: **<blank>**.
+  * City: **St. Helier**.
+  * Organization: **ShareWiz**.
+  * Organizational Unit: **<blank>**.
+In **Certificate Attributes**:
+  * Certificate Type: **Server Certificate**.
+  * Alternative Names: **<blank>**.
+<WRAP info>
+**NOTE:**  Lifetime.
+  * New TLS certificates will be limited to 398 days, a little over a year (13 months).
+  * In a move that is meant to boost security, Apple, Google, and Mozilla reject publicly rooted digital certificates in their respective web browsers that expire more than 13 months (or 398 days) from their creation date.
+  * To avoid unintended consequences, it is recommended that certificates be issued with a maximum validity of 397 days.
+</WRAP>
+----