WLC SSL webadmin cert install error Help

studmuffin
Level 1

What do I need to do to solve this error? Error in screenshot.

 

38 Replies

Download the certificate, not the chain. Then use Windows to export the intermediate and root.

-Scott
*** Please rate helpful posts ***

Here are all three certs in a zip, exported in .cer format.

I don't know if this will work, but here is what I got out of the cert you provided.

-Scott
*** Please rate helpful posts ***

May I ask what you did so I can learn more?

What about the key file?

I have a key for the certificates.

I just tried to install the cert and it says error installing certificate.

I don't know if this helps or not, but I just ran two debug commands to see why it is failing, and these are the results:

*TransferTask: Jan 14 21:51:20.174: RESULT_CODE:1

*TransferTask: Jan 14 21:51:24.202: TFTP: Binding to remote=192.168.10.100

*TransferTask: Jan 14 21:51:24.214: TFP End: 7418 bytes transferred (0 retransmitted packets)

*TransferTask: Jan 14 21:51:24.215: tftp rc=0, pHost=192.168.10.100 pFilename=/Studmuffin.pem
pLocalFilename=cert.p12

*TransferTask: Jan 14 21:51:24.262: RESULT_STRING: TFTP receive complete... installing Certificate.

*TransferTask: Jan 14 21:51:24.262: RESULT_CODE:13

*TransferTask: Jan 14 21:51:24.263: Adding cert (7358 bytes) with certificate key password.

*TransferTask: Jan 14 21:51:24.263: Add WebAdmin Cert: Adding certificate & private key using password Gi604132313
*TransferTask: Jan 14 21:51:24.264: Add ID Cert: Adding certificate & private key using password Gi604132313
*TransferTask: Jan 14 21:51:24.264: Add Cert to ID Table: Adding certificate (name: bsnSslWebadminCert) to ID table using password Gi604132313
*TransferTask: Jan 14 21:51:24.264: Add Cert to ID Table: Decoding PEM-encoded Certificate (verify: YES)
*TransferTask: Jan 14 21:51:24.264: Decode & Verify PEM Cert: Cert/Key Length was 0, so taking string length instead
*TransferTask: Jan 14 21:51:24.265: Decode & Verify PEM Cert: Cert/Key Length 7358 & VERIFY
*TransferTask: Jan 14 21:51:24.270: Decode & Verify PEM Cert: X509 Cert Verification return code: 0
*TransferTask: Jan 14 21:51:24.271: Decode & Verify PEM Cert: X509 Cert Verification result text: certificate is not yet valid
*TransferTask: Jan 14 21:51:24.271: Decode & Verify PEM Cert: Error in X509 Cert Verification at 2 depth: certificate is not yet valid
*TransferTask: Jan 14 21:51:24.272: Add Cert to ID Table: Error decoding (verify: YES) PEM certificate
*TransferTask: Jan 14 21:51:24.272: Add ID Cert: Error decoding / adding cert to ID cert table (verifyChain: TRUE)
*TransferTask: Jan 14 21:51:24.273: Add WebAdmin Cert: Error adding ID cert
*TransferTask: Jan 14 21:51:24.273: RESULT_STRING: Error installing certificate.


*TransferTask: Jan 14 21:51:24.274: RESULT_CODE:12

*TransferTask: Jan 14 21:51:24.274: Memory overcommit policy restored from 1 to 0


Error installing certificate.
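
An added example, not part of the thread and not Cisco code: a small parser that pulls the failing verification line out of a TransferTask debug log like the one above and reports which chain position and which validity problem it points at. It assumes OpenSSL-style depth numbering (0 = device certificate) and the three-certificate chain mentioned in the thread; the function names and hint texts are this example's own.

```python
import re

# Constructed sample: lines from the debug output posted above, one of them
# carrying the stray space that 80-column console wrap leaves in a paste.
SAMPLE_LOG = """\
*TransferTask: Jan 14 21:51:24.270: Decode & Verify PEM Cert: X509 Cert Verifica tion return code: 0
*TransferTask: Jan 14 21:51:24.271: Decode & Verify PEM Cert: Error in X509 Cert Verification at 2 depth: certificate is not yet valid
*TransferTask: Jan 14 21:51:24.273: Add WebAdmin Cert: Error adding ID cert
"""

def squash(text):
    """Drop all whitespace so wrap-inserted spaces cannot break a match."""
    return re.sub(r"\s+", "", text)

FAIL_RE = re.compile(r"ErrorinX509CertVerificationat(\d+)depth:(.+)$")

# Reason strings as OpenSSL words them; the advice is this example's own.
HINTS = {
    "certificate is not yet valid":
        "notBefore is later than the verifier's clock: check the controller's date/time against the cert's start date",
    "certificate has expired":
        "notAfter is earlier than the verifier's clock: reissue, or check the controller's date/time",
    "unable to get local issuer certificate":
        "the issuer of this cert is missing from the uploaded chain",
}
KNOWN = {squash(reason): reason for reason in HINTS}

def chain_role(depth, chain_len):
    """Verification depth counts up from the leaf: 0 is the device cert."""
    if depth == 0:
        return "device certificate"
    return "root CA" if depth == chain_len - 1 else "intermediate CA"

def diagnose(log, chain_len=3):
    """Return one finding per failed verification line in a TransferTask log."""
    findings = []
    for line in log.splitlines():
        m = FAIL_RE.search(squash(line))
        if not m:
            continue
        depth = int(m.group(1))
        reason = KNOWN.get(m.group(2), m.group(2))
        findings.append({"depth": depth, "role": chain_role(depth, chain_len),
                         "reason": reason,
                         "hint": HINTS.get(reason, "no hint for this reason")})
    return findings

if __name__ == "__main__":
    for f in diagnose(SAMPLE_LOG):
        print(f"depth {f['depth']} ({f['role']}): {f['reason']} -> {f['hint']}")
```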

 

It was a long shot. The cert you provided came up with errors. Take your cert and open it up on a Windows machine. If you see “not enough info” then the cert is not valid for use. You used a web server template to create the certificate?

-Scott
*** Please rate helpful posts ***

Yes, I used the web cert type from my sub CA. I have done this before using the same steps but never encountered this issue, but it was a year or two ago. I am wondering if an update to OpenSSL or Windows Server or pfSense, which I used to create the CSR in order to get the SAN, changed.

Don't know that answer. Have you looked at the Cisco guide for 3rd party certificates on the AireOS controller? It shows two ways to generate a CSR, one using OpenSSL and the other from the WLC itself. That is where I would start and then submit that to your Windows CA.

Generate CSR for Third-Party Certificates and Download Chained Certificates to the WLC - Cisco

-Scott
*** Please rate helpful posts ***

I have; that is the guide I followed.

The reason I posted that is because you asked about issues with OpenSSL, which is on that document. Also, there is nothing stating to use "pfsense" to generate a CSR. My suggestion is to use the WLC to generate the CSR or follow what items you should have in the CSR using the WLC. You can't fill out all the items when you generate the CSR or you will get a failure. So use the WLC and generate a new CSR.

-Scott
*** Please rate helpful posts ***

The reason I use pfSense is because I don't really know OpenSSL that much and I could not get it to work to incorporate the SAN, which is needed by modern browsers, into the CSR. I have done it with pfSense before and gotten it to work, but something from the last time I did it and now has changed. pfSense has not; there were no updates to the cert manager, so I don't think it is the CSR. I think it is something with OpenSSL. I am using the latest version; maybe that is doing something to the cert.

Try to follow the guide and generate the CSR from the controller, not pfsense or openssl.

-Scott
*** Please rate helpful posts ***