I had been running a VPN server for quite some time. I use it to get a secure connection back to my machines, and for all my embedded devices to dial back to so I can do firmware updates and code improvements while they’re deployed in the field. The problem I had now was that I had moved my VPN server behind the Pfsense router (which was behind another router, still for testing/configuration) and I didn’t want to configure Pfsense to forward through if I was going to have it run the VPN server anyway. On top of that I just discovered a catastrophic bug in a web application I was testing that wrote a lot of garbage to my hard drive, destroying many of the services I was running. So the server was offline, but I still had access to the drive.
The devices I had in the field dialed back using certificates, so I needed to import my CA, and server certificates, including all the client certificates so when I configured the new VPN server, all the clients could still successfully connect. The process was actually pretty simple. To import the certificate, you go into the system menu and click on “Cert. Manager”, and there’s a tab for “CAs”.
Importing the certificate was as simple as copying the contents of the certificate files into the fields in the browser, and the same goes for the server certificate and client certificates (which go in the Certificates tab). One thing to keep in mind is that Pfsense doesn’t support encrypted keys, so you will have to decrypt them before copying your data over. Once I had all my certs copied over, my clients connected back like nothing ever happend!