diff --git a/src/etc/ssl/opnsense.cnf b/src/etc/ssl/opnsense.cnf
index 91cd0b643..c1ea91cf3 100644
--- a/src/etc/ssl/opnsense.cnf
+++ b/src/etc/ssl/opnsense.cnf
@@ -369,3 +369,15 @@ extendedKeyUsage=serverAuth,1.3.6.1.5.5.8.2.2
 keyUsage = digitalSignature, keyEncipherment
 
 ###OPNsense:subjectAltName###
+
+[ combined_server_client ]
+
+basicConstraints=CA:FALSE
+nsComment			   = "OPNsense Generated Combined Client/Server Certificate"
+subjectKeyIdentifier   = hash
+authorityKeyIdentifier = keyid,issuer:always
+extendedKeyUsage       = clientAuth,serverAuth,1.3.6.1.5.5.8.2.2
+# This is typical in keyUsage for a client certificate.
+keyUsage               = nonRepudiation, digitalSignature, keyEncipherment
+
+###OPNsense:subjectAltName###
diff --git a/src/www/system_certmanager.php b/src/www/system_certmanager.php
index 0cd3d34e8..e7dcafe94 100644
--- a/src/www/system_certmanager.php
+++ b/src/www/system_certmanager.php
@@ -864,6 +864,7 @@ $( document ).ready(function() {
                     <select name="cert_type">
                         <option value="usr_cert" <?=$pconfig['cert_type'] == 'usr_cert' ? 'selected="selected"' : '';?>> <?=gettext("Client Certificate");?> </option>
                         <option value="server_cert" <?=$pconfig['cert_type'] == 'server_cert' ? 'selected="selected"' : '';?>> <?=gettext("Server Certificate");?> </option>
+                        <option value="combined_server_client" <?=$pconfig['cert_type'] == 'combined_server_client' ? 'selected="selected"' : '';?>> <?=gettext("Combined Client/Server Certificate");?> </option>
                         <option value="v3_ca" <?=$pconfig['cert_type'] == 'v3_ca' ? 'selected="selected"' : '';?>> <?=gettext("Certificate Authority");?> </option>
                     </select>
                     <div class="hidden" data-for="help_for_digest_cert_type">