pfSense and users from Zentyal 4.0 over LDAPS
On the Zentyal host, run:
openssl s_client -showcerts -connect localhost:636
pfSense will need a few things from Zentyal/Samba.
1. Find the line that reads:
i:/O=Samba Administration/OU=Samba - temporary autogenerated certificate/CN=servernamehere.domain.lan
servernamehere.domain.lan (the CN on that line) will be used as the hostname pfSense connects to. This FQDN MUST ping from the pfSense firewall. In the DNS Forwarder on pfSense, add servernamehere.domain.lan with the IP of the Zentyal machine.
2. Copy the certificate data and upload it to the pfSense Cert. Manager. From the output of the above command, copy everything from the BEGIN CERTIFICATE line through the END CERTIFICATE line, inclusive, into the Cert. Manager as a new CA. Any descriptive name should do. Hit Save.
Create a user in Zentyal for pfSense to bind as, "pfsenseconnect" or some such user. Also get the Base DN from Zentyal Users and Computers -> LDAP Settings.
Click Select, and if you see your LDAP tree, you are connecting over SSL!
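Steps 1 and 2 can be scripted. The following is an added example, not part of the original post: it reads the s_client output and returns the issuer CN to use as the pfSense hostname and the first PEM block to paste in as the CA. The function names, the ZENTYAL_HOST variable and the sample output are constructed for illustration.

```sh
# Added example, not from the original post; parses `openssl s_client -showcerts` output on stdin.

# CN from the first issuer ("i:") line. Handles the old "/O=.../CN=name"
# layout shown in the post and the newer "O = ..., CN = name" layout.
issuer_cn() {
    sed -n 's/^ *i:.*CN *= *\([^,/]*\).*$/\1/p' | head -n 1
}

# CN from the first subject ("<n> s:") line, same two layouts.
subject_cn() {
    sed -n 's/^ *[0-9]* *s:.*CN *= *\([^,/]*\).*$/\1/p' | head -n 1
}

# First PEM block only (certificate 0, the one the LDAPS server presents).
first_pem() {
    awk '/-----BEGIN CERTIFICATE-----/ { on = 1 }
         on { print }
         /-----END CERTIFICATE-----/ { if (on) exit }'
}

# Constructed sample output; the PEM body is a placeholder, not a real cert.
sample_output() {
    cat <<'EOF'
Certificate chain
 0 s:/O=Samba Administration/OU=Samba - temporary autogenerated certificate/CN=servernamehere.domain.lan
   i:/O=Samba Administration/OU=Samba - temporary autogenerated certificate/CN=servernamehere.domain.lan
-----BEGIN CERTIFICATE-----
CONSTRUCTEDPLACEHOLDERNOTAREALCERTIFICATEBODY
-----END CERTIFICATE-----
EOF
}

# One-line summary. Matching subject and issuer CNs is used here as a simple
# hint that the certificate is self-signed (heuristic, CN comparison only).
summarise() {
    out=$(cat)
    host=$(printf '%s\n' "$out" | issuer_cn)
    subj=$(printf '%s\n' "$out" | subject_cn)
    [ -n "$host" ] || { echo "no issuer CN found" >&2; return 1; }
    if [ "$host" = "$subj" ]; then kind=self-signed; else kind=other-issuer; fi
    printf 'hostname=%s cert=%s\n' "$host" "$kind"
}

# ZENTYAL_HOST (assumed variable name) selects a live run; default is the sample.
if [ -n "${ZENTYAL_HOST:-}" ]; then
    openssl s_client -showcerts -connect "$ZENTYAL_HOST:636" </dev/null 2>/dev/null | summarise
else
    sample_output | summarise
fi
```

On the Zentyal host, run it with ZENTYAL_HOST=localhost; piping the same s_client output through first_pem gives the block to paste into the Cert. Manager.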
See https://doc.pfsense.org/index.php/LDAP_Troubleshooting for more information.