How to Install Comodo SSL in my Pfsense?

Dear All,

I am new in this forum, recently I subscribed for the 90 days free trial of Comodo SSL. And I received already in my email the zip file, where are the following certificate below;


I don’t know how can I install this in my pfsense server, I am trying but no luck after I import in cert manager CA, I could not access the console via Webgui, so I removed again the https from the shell. I hope someone can help me about this before I fully subscribe…Thank you.

pfSense’s documentation is horrendous so I understand your confusion!

How did you generate the CSR? Did you use pfSense or did you perhaps use OpenSSL?

Hi Sal, Thanks for comments. I used the pfsense Cert Manager,CA’s…


Loosely put:


  • AddTrustExternalCARoot.crt
  • ComodoRSAAddTrust.crt
  • COMODORSADomainValidationSecureServerCA.crt

To the “CA” section. There should be a “+” in there to do so.

Then go in to the ‘certificates’ section and click the little pencil icon (it says “update CSR when you hover over it”). Once this section loads, you should be able to paste the contents of “” in to the textarea for “Final certificate data”. once pasted click “Update”

To use the new certificate navigate to “System / Advanced / Admin Access” and under “webConfigurator” select the protocol of HTTPS.

In the SSL Certificate drop-down, select your newly installed certificate.

Once set, scroll down the page and click “Save”. Changes should take effect upon save BUT if they don’t, simply restart services.

Hope this helps!

Hi Sal,

Thank you very much for your prompt reply. I think it will work for the procedure below. But, now I have an issue, I deleted already the CSR I created and submitted in Comodo, that’s why now I couldn’t update and paste the final certicate in my CSR, is there any way to retrieve this? Thanks.

You shouldn’t need a CSR but rather a Private Key. If you lost your private key, you will need to generate a new key and CSR pair. Once you have the new CSR, you’ll need to open a support ticket and ask for a re-issue of the certificate.