Replacing the Self-Signed SSL Cert with local PFSense CA Certs

Thanks for the feedback. I managed to get this to work largely by following EdwardV’s instructions that can be found here: Link.

Note: Whenever asked for a password, use openhab

Once you’ve created the CA and Openhab Certificates in PFSense you need to:

On my local machine
Prepare the p12 cert (don’t use the p12 cert that PF provides as it does not have the correct password):
#cat pf-sub-ca.crt openhab.crt > openhab.pem
#openssl pkcs12 -export -inkey openhab.key -in openhab.pem -out openhab.p12
Copy the p12 cert to openhab:
#scp openhab.p12 openhabian@openhab.local:/home/[user]/tmp/

On the Openhab Server (in my case openhabian)
#cd /var/lib/openhab2/etc/
#sudo cp keystore keystore.backup
#cd /home/[user]/tmp
#sudo chown openhab:openhab openhab.p12
#sudo systemctl stop openhab2
#keytool -keystore /var/lib/openhab2/etc/keystore -list -v
[Note: alias is mykey]
#keytool -delete -alias mykey -keystore /var/lib/openhab2/etc/keystore
#keytool -keystore /var/lib/openhab2/etc/keystore -list -v
#keytool -list -keystore openhab.p12 -storetype pkcs12
[Note: alias should be 1]
#keytool -importkeystore -srckeystore openhab.p12 -srcstoretype PKCS12 -destkeystore /var/lib/openhab2/etc/keystore -deststoretype jks -destalias mykey -srcalias 1
#keytool -keystore /var/lib/openhab2/etc/keystore -list -v
#sudo systemctl start openhab2

Don’t forget to install the PFSense Root and Sub CA certificates in the browsers you are using. There are tutorials out there about how to use PF as a local CA on your network.

Hope this helps!

3 Likes
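A pre-flight check for the bundle described in the post above, added here as an example and not part of the original post: it confirms that the key matches the certificate, that the sub CA issued the certificate, and that the resulting p12 opens with the chosen password, all before the keystore is modified. The `P12_PASS` variable and the function names `check_bundle` and `make_demo_pki` are assumptions of this example; the demo PKI is constructed sample data.

```bash
#!/usr/bin/env bash
# Added example: pre-flight checks for the PKCS#12 bundle before the keytool
# import. P12_PASS and both function names are assumptions of this example.

# check_bundle KEY CERT SUBCA OUT_P12 -> 0 when the bundle is safe to import
check_bundle() {
  local key="$1" cert="$2" subca="$3" out="$4" kpub cpub pem rc
  # 1. The private key must belong to the server certificate.
  kpub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
  cpub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$kpub" ] && [ "$kpub" = "$cpub" ] ||
    { echo "key does not match certificate" >&2; return 1; }
  # 2. The certificate must chain to the sub CA. -partial_chain accepts the
  #    sub CA as trust anchor when the root is not in the file.
  openssl verify -partial_chain -CAfile "$subca" "$cert" >/dev/null 2>&1 ||
    { echo "certificate was not issued by $subca" >&2; return 2; }
  # 3. Build the bundle as in the post; the password comes from the
  #    environment so it never shows up in the process list.
  pem=$(mktemp) || return 3
  cat "$subca" "$cert" > "$pem"
  openssl pkcs12 -export -inkey "$key" -in "$pem" -out "$out" \
    -passout env:P12_PASS 2>/dev/null
  rc=$?
  rm -f "$pem"
  [ "$rc" -eq 0 ] || return 3
  # 4. Confirm the file opens with that password before touching the keystore.
  openssl pkcs12 -in "$out" -noout -passin env:P12_PASS 2>/dev/null || return 4
}

# make_demo_pki DIR: constructed throwaway CA and server certificate standing
# in for the pfSense-issued files (sample data for this example only).
make_demo_pki() {
  local d="$1"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-sub-ca" \
    -keyout "$d/pf-sub-ca.key" -out "$d/pf-sub-ca.crt" 2>/dev/null &&
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=openhab.local" \
    -keyout "$d/openhab.key" -out "$d/openhab.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/openhab.csr" -days 1 -CA "$d/pf-sub-ca.crt" \
    -CAkey "$d/pf-sub-ca.key" -CAcreateserial -out "$d/openhab.crt" 2>/dev/null
}

# Usage: P12_PASS=... ./check.sh openhab.key openhab.crt pf-sub-ca.crt openhab.p12
if [ "$#" -eq 4 ]; then check_bundle "$@"; fi
```

A non-zero return identifies the failed step: 1 for a key mismatch, 2 for a chain failure, 3 for the export, 4 for the password check.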