I use the pfsense certificate manager to issue certs for my VPN client devices. For my Internet-facing life, I have legit SSL certs for everything, I’ve a neurosis about it. But it’s bothered me that for my LAN servers, I’ve continued to use Self-Signed certs for interfaces. Today I fix that.
Here are my notes on how to create and sign a wild-card SSL cert using pfsense for internal use. Note that this approach means you will make your own certificate authority which then must have its root cert installed on any machine you want to use your own certs.