diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Proxy/forms/main.xml b/src/opnsense/mvc/app/controllers/OPNsense/Proxy/forms/main.xml
index b03834477..0cd808839 100644
--- a/src/opnsense/mvc/app/controllers/OPNsense/Proxy/forms/main.xml
+++ b/src/opnsense/mvc/app/controllers/OPNsense/Proxy/forms/main.xml
@@ -202,7 +202,7 @@
checkbox
@@ -224,6 +224,20 @@
Create a list of sites which may not be inspected, for example bank sites.
]]>
+
+ proxy.forward.ssl_crtd_storage_max_size
+
+ text
+
+ true
+
+
+ proxy.forward.sslcrtd_children
+
+ text
+
+ true
+ proxy.forward.addACLforInterfaceSubnets
diff --git a/src/opnsense/mvc/app/models/OPNsense/Proxy/Proxy.xml b/src/opnsense/mvc/app/models/OPNsense/Proxy/Proxy.xml
index e8768df39..bb89d8426 100644
--- a/src/opnsense/mvc/app/models/OPNsense/Proxy/Proxy.xml
+++ b/src/opnsense/mvc/app/models/OPNsense/Proxy/Proxy.xml
@@ -173,6 +173,20 @@
/^([a-zA-Z0-9.:,]){0,}/Please enter ip addresses or domain names here
+
+ Y
+ 4
+ 1
+ 65535
+ max size needs to be an integer value between 1 and 65535
+
+
+ Y
+ 5
+ 1
+ 32
+ the number of sslrtd children needs to be an integer value between 1 and 32
+ NY
diff --git a/src/opnsense/scripts/proxy/generate_cert.php b/src/opnsense/scripts/proxy/generate_cert.php
new file mode 100755
index 000000000..eb23a023c
--- /dev/null
+++ b/src/opnsense/scripts/proxy/generate_cert.php
@@ -0,0 +1,55 @@
+#!/usr/local/bin/php
+