I wrote an article to monitor PfSense (which is based on FreeBSD, so it'll work on it too) via Telegraf and got problems with my own CA.
Telegraf agent did not send data because the authority was unknow :

InfluxDB Output Error: post https://influxdb01.pla01.lbdg.lan:8086/write?db=pla01_firewall: x509: certificate signed by unknown authority

Open an SSH connection

On PfSense WebUI interface go to System => Advanced and check Enable Secure Shell


Now you can connect to PfSense / FreeBDS via SSH

Add the CA cert to cert.pem

I uploaded my certificate to /etc/ssl on PfSense via scp and copy the certificate in /etc/ssl/cert.pem

cat certificate.crt >> cert.pem


And The_Greatest_Showman_TADA-2
It works, the certificate authority is not unknown anymore
Don't forget to disable SSH after this.