diff --git a/src/etc/ssl/opnsense.cnf b/src/etc/ssl/opnsense.cnf index 1857ba322..5aaccb867 100644 --- a/src/etc/ssl/opnsense.cnf +++ b/src/etc/ssl/opnsense.cnf @@ -174,7 +174,7 @@ basicConstraints=CA:FALSE keyUsage = nonRepudiation, digitalSignature, keyEncipherment # This will be displayed in Netscape's comment listbox. -nsComment = "OpenSSL Generated Certificate" +nsComment = "OPNsense Generated Client Certificate" # PKIX recommendations harmless if included in all certificates. subjectKeyIdentifier=hash @@ -197,6 +197,8 @@ keyUsage = nonRepudiation, digitalSignature, keyEncipherment # Extensions for a typical CA +# This will be displayed in Netscape's comment listbox. +nsComment = "OPNsense Generated Certificate Authority" # PKIX recommendation. @@ -220,6 +222,9 @@ basicConstraints = CA:true # issuerAltName=issuer:copy authorityKeyIdentifier=keyid:always +# This will be displayed in Netscape's comment listbox. +nsComment = "OPNsense Generated Certificate Revocation List" + [ proxy_cert_ext ] # These extensions should be added when creating a proxy certificate @@ -229,7 +234,7 @@ authorityKeyIdentifier=keyid:always basicConstraints=CA:FALSE # This will be displayed in Netscape's comment listbox. -nsComment = "OpenSSL Generated Certificate" +nsComment = "OPNsense Generated Proxy Certificate" # PKIX recommendations harmless if included in all certificates. subjectKeyIdentifier=hash @@ -273,7 +278,7 @@ ess_cert_id_chain = no # Must the ESS cert id chain be included? # Make a cert with nsCertType=server basicConstraints=CA:FALSE nsCertType = server -nsComment = "OpenSSL Generated Server Certificate" +nsComment = "OPNsense Generated Server Certificate" subjectKeyIdentifier=hash authorityKeyIdentifier=keyid,issuer:always extendedKeyUsage=serverAuth,1.3.6.1.5.5.8.2.2 
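Review bot: The `nsComment` added just before `[ proxy_cert_ext ]` (hunk `-220,6 +222,9`) appears to land in the CRL extensions section, whose header is outside the hunk, so the placement should be confirmed. `nsComment` is a Netscape certificate extension, not a CRL extension, so if this section is the one used as `crl_extensions`, every generated CRL would carry a non-standard extension. The stock OpenSSL sample config notes that only `issuerAltName` and `authorityKeyIdentifier` make sense in a CRL, and some stricter CRL consumers may handle unexpected extensions poorly. I would drop the two added lines here, or keep only a comment such as `# nsComment is a certificate extension and is intentionally not set for CRLs`.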
@@ -295,7 +300,7 @@ keyUsage = nonRepudiation, digitalSignature, keyEncipherment [ sign_csr ] -nsComment = "OPNsense Generated Certificate" +nsComment = "OPNsense Generated Certificate Signing Request" subjectKeyIdentifier = hash authorityKeyIdentifier = keyid,issuer:always
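Review bot: The new `[ sign_csr ]` string labels the object as a "Certificate Signing Request", but this section presumably supplies the extensions written into the certificate that is issued when a CSR is signed. The neighbouring `authorityKeyIdentifier = keyid,issuer:always` only makes sense in an issued certificate, so the comment would end up embedded in a certificate that describes itself as a request. That is misleading for anyone inspecting the certificate during troubleshooting or an audit. Wording such as `nsComment = "OPNsense Generated Certificate (from CSR)"` keeps the distinction from the other profiles without mislabelling the object. The section continues past the end of the hunk.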