I wrote an article to monitor PfSense (which is based on FreeBSD, so it'll work on it too) via Telegraf and got problems with my own CA.
Telegraf agent did not send data because the authority was unknow :
InfluxDB Output Error: post https://influxdb01.pla01.lbdg.lan:8086/write?db=pla01_firewall: x509: certificate signed by unknown authority
Open an SSH connection
On PfSense WebUI interface go to System => Advanced and check Enable Secure Shell
Now you can connect to PfSense / FreeBDS via SSH
Add the CA cert to cert.pem
I uploaded my certificate to /etc/ssl on PfSense via scp and copy the certificate in /etc/ssl/cert.pem
cat certificate.crt >> cert.pem
It works, the certificate authority is not unknown anymore
Don't forget to disable SSH after this.