The pfSense project is a free network firewall distribution, based on the FreeBSD operating system with a custom kernel and including third party free software packages for additional functionality.
:::
:::note
This is based on authentik 2022.3.31 and pfSense 2.6.0-amd64
When enabling SSL, authentik will send a certificate to pfSense. This certificate has to be signed by a certificate authority trusted by pfSense. In this setup we will create our own certificate authority in pfSense and create a certificate that will be used by authentik.
### Step 1 - Certificate Authority
In pfSense, create a certificate authority under _System/Cert. Manager_ and click the `+ Add` button.
In pfsense, export the public **and** the private key of the certificate by going under _System/Cert. Manager_ and then to the _Certificate_ tab.
![](./pfsense-certificate-export.png)
In authentik, import the public **and** the private key by going under _System/Certificates_ and then click on `create`.
### Step 4 - Provider configuration
In authentik, edit the LDAP provider configuration under _Applications/Providers_ and select the certificate we just imported.
### Step 5 - pfSense authentication server
In pfSense, add your authentik LDAP server by going to your pfSense Web UI and clicking the `+ Add` under _System/User Manager/Authentication Servers_.
In pfSense, you can validate the authentication backend setup by going to _Diagnostics/Authentication_ and then select `LDAP authentik` as _Authentication Server_.
You can use the credentials of an authentik user, pfSense will tell you if the connection was successful or not. If it is, congratulations, you can now change the pfSense default authentication backend.
## Change pfSense default authentication backend
In pfSense, you can change the authentication backend used by the Web UI by going to _System/User Manager_ and then click on _Settings_ tab.