In the GUI, certificates are managed under "System > Trust > Certificates". For automated deployment, consider this link, reproduced below. Notably, these are the relevant elements of /conf/config.xml:
opnsense:
  cert:
    refid: (hex)
    descr: (cleartext)
    crt: (PEM + base64)
    prv: (PEM + base64)
  system:
    webgui:
      ssl-certref: (hex)
Sample script for automated deployment
Certificate copied to /root/MyCert.crt and key to /root/MyCert.key:
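#!/bin/sh
# Install /root/MyCert.crt and /root/MyCert.key as a new <cert> entry in
# /conf/config.xml and point the web GUI's <ssl-certref> at it.
umask 077   # working copies below contain the private key
UNIQID=$(/usr/local/bin/php -r "echo uniqid();")   # used as the new <refid>
DATE=$(date +%Y%m%d)
CRT="/root/MyCert.crt"
PRV="/root/MyCert.key"
# Line number of the first <cert> element in the current config
FIRSTLN=$(grep -m1 -n "<cert>" /conf/config.xml | cut -d ":" -f 1)
DESCR="My Certificate $DATE"
if test -f "$CRT" && test -f "$PRV"; then
    # Without an address, sed's "r" would append temp.txt after every line
    if test -z "$FIRSTLN"; then
        echo "No <cert> element found in /conf/config.xml. Exiting."
        exit 1
    fi
    mkdir -p /root/certtemp
    cd /root/certtemp || exit 1
    # config.xml stores the PEM files base64-encoded on a single line
    CRTE=$(/usr/bin/openssl base64 < "$CRT")
    PRVE=$(/usr/bin/openssl base64 < "$PRV")
    DESC="<descr>$DESCR</descr>"
    CERT=$(echo "<crt>$CRTE</crt>" | tr -d '\n')
    PRIV=$(echo "<prv>$PRVE</prv>" | tr -d '\n')
    REFID="<refid>$UNIQID</refid>"
    # temp.txt is inserted after the first <cert> line: that line becomes the
    # opening tag of the new entry, and the trailing <cert> reopens the entry
    # that was already there.
    echo " $REFID" > temp.txt
    echo " $DESC" >> temp.txt
    echo " $CERT" >> temp.txt
    echo " $PRIV" >> temp.txt
    echo " </cert>" >> temp.txt
    echo " <cert>" >> temp.txt
    cp /conf/config.xml config.xml
    sed "${FIRSTLN}r temp.txt" config.xml > config.xml.tmp
    # Point the web GUI at the new certificate
    sed "s@<ssl-certref>.*</ssl-certref>@<ssl-certref>${UNIQID}</ssl-certref>@" \
        config.xml.tmp > config.xml.new
    # Certificate followed by key, as served by the web GUI
    cp "$CRT" cert.pem
    cat "$PRV" >> cert.pem
    # Keep dated backups before overwriting
    cp /conf/config.xml "/conf/config.xml.$DATE"
    cp config.xml.new /conf/config.xml
    cp /var/etc/cert.pem "/var/etc/cert.pem.$DATE"
    cp cert.pem /var/etc/cert.pem
    /usr/local/etc/rc.restart_webgui
    # Cleanup
    cd /root || exit 1
    rm -rf certtemp/
    rm "$CRT"
    rm "$PRV"
    echo "New certificate $DESCR installed."
else
    echo "Nothing to do. Exiting."
fi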
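A check that could be run on config.xml.new before it replaces /conf/config.xml, added here as an example and not part of the original script: it confirms that the ssl-certref value resolves to a cert entry carrying both crt and prv. The function name check_certref, the sample refid and the base64 bodies are constructed for illustration; like the script above, it assumes one element per line.

```shell
#!/bin/sh
# Added example (not from the original script): verify that <ssl-certref>
# resolves to a <cert> entry holding both <crt> and <prv>.
# Assumption: one XML element per line, as the deployment script also assumes.

# check_certref FILE: print the referenced refid and return 0 when it resolves;
# print the reason to stderr and return 1 otherwise.
check_certref() {
    cfg=$1
    ref=$(sed -n 's@.*<ssl-certref>\(.*\)</ssl-certref>.*@\1@p' "$cfg" | head -n 1)
    if [ -z "$ref" ]; then
        echo "no <ssl-certref> value in $cfg" >&2
        return 1
    fi
    if ! awk -v ref="$ref" '
        /<cert>/   { incert = 1; id = ""; crt = 0; prv = 0; next }
        /<\/cert>/ { if (incert && (id "") == (ref "") && crt && prv) found = 1
                     incert = 0; next }
        incert && /<refid>/ { id = $0
                              sub(/.*<refid>/, "", id)
                              sub(/<\/refid>.*/, "", id) }
        incert && /<crt>.+<\/crt>/ { crt = 1 }
        incert && /<prv>.+<\/prv>/ { prv = 1 }
        END { exit !found }
    ' "$cfg"; then
        echo "ssl-certref $ref has no <cert> entry with <crt> and <prv>" >&2
        return 1
    fi
    echo "$ref"
}

# Constructed sample: placeholder refid and base64 bodies, not real key material.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<opnsense>
  <system>
    <webgui>
      <ssl-certref>5f1a2b3c4d5e6</ssl-certref>
    </webgui>
  </system>
  <cert>
    <refid>5f1a2b3c4d5e6</refid>
    <crt>Q09OU1RSVUNURUQ=</crt>
    <prv>Q09OU1RSVUNURUQ=</prv>
  </cert>
</opnsense>
EOF
check_certref "$sample" && echo "certref resolves"
rm -f "$sample"
```

In the deployment script this would sit between the second sed and the copy to /conf/config.xml, as check_certref config.xml.new || exit 1.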
Manual restart of the web GUI using:
root:~# /usr/local/sbin/pluginctl webgui restart
Install vim:
root:~# pkg install vim
root:~# vim /var/unbound/host_entries.conf