Firefox loading issues with Pfsense web interface

A while ago I noticed that Firefox began to have issues with loading the web interface for our Pfsense firewalls while other browsers loaded the website with no problems.

Here is a picture showing the timings of the web request for the index page

Firefox loading pfsense slowly

Then I found out that Firefox had changed the behaviour of how it handles SSL certificates in a recent update

There it states that a server certificate are not allowed to have the CA flag set:

Are not allowed to have basic constraints asserting isCA=TRUE.

And if you check the self-signed certificate used by default in pfsense it has the CA flag set.

So I created a CA certificate in Pfsense and then a "server" certificate signed by the seperate CA certificate and configured Pfsense to use the new server certificate instead. This change fixed the issue and now Firefox is loading the web interface without problems.

Pfsense CARP interface stuck in init state

I'm configuring new Pfsense firewalls at work and was having trouble to get traffic flowing through one of the gateways which used a CARP virtual IP address for redundancy. The CARP interface did not work properly and on the standby firewall I found that the CARP interface was stuck in "init" state.

Pfsense carp init

To fix this I had to re-apply the CARP virtual IP interface settings on the standby firewall. Doing it on the active firewall was not enough.