pfSense

There are a few others in various places around the repo.

etc/phpshellsessions/generateguicert:24:echo gettext("Generating a new self-signed SSL certificate for the GUI...");
etc/inc/unbound.inc:249:        // Enable SSL on the chosen or default port
etc/inc/upgrade_config.inc:1950:        $cert['descr'] = "webConfigurator SSL Certificate";
etc/inc/system.inc:1036:    log_error(gettext("Creating SSL Certificate for this host"));
usr/local/www/services_captiveportal.php:307:                    $newcp['zoneid'] += 2; /* Reserve space for SSL config if needed */
usr/local/www/services_captiveportal.php:1095:    '*SSL Certificate',
usr/local/www/services_captiveportal.php:1105:))->setHelp('If this option is set, attempts to connect to SSL/HTTPS (Port 443) sites will not be forwarded to the captive portal. ' .
usr/local/www/system_authservers.php:559:))->setHelp('NOTE: When using SSL or STARTTLS, this hostname MUST match the Common Name '.
usr/local/www/system_authservers.php:560:    '(CN) of the LDAP server\'s SSL Certificate.');
usr/local/www/system_authservers.php:594:    ))->setHelp('This option is used if \'SSL Encrypted\' '.
usr/local/www/wizards/openvpn_wizard.inc:104:    /* Default LDAP port is 389 for TCP and 636 for SSL */
usr/local/www/wizards/openvpn_wizard.inc:108:        elseif ($_POST['transport'] == "SSL - Encrypted")
usr/local/www/wizards/openvpn_wizard.inc:478:                $auth['ldap_urltype'] = 'SSL - Encrypted';
usr/local/www/wizards/openvpn_wizard.xml:126:            <description>Address of the LDAP server. When using SSL or STARTTLS, this hostname must match the LDAP server certificate.</description>
usr/local/www/wizards/openvpn_wizard.xml:134:            <description>LDAP Server port, leave blank for the default (389 for TCP or STARTTLS, 636 for SSL).</description>
usr/local/www/wizards/openvpn_wizard.xml:151:                    <name>SSL - Encrypted</name>
usr/local/www/wizards/openvpn_wizard.xml:152:                    <value>SSL - Encrypted</value>
usr/local/www/wizards/openvpn_wizard.xml:155:            <description>&lt;br/&gt;The transport used by the LDAP server. It can either be standard TCP or SSL encrypted.</description>
usr/local/www/wizards/openvpn_wizard.xml:162:            <description>&lt;br/&gt;The Certificate Authority for the LDAP server certificate. Used for SSL and STARTTLS.</description>
usr/local/www/services_checkip_edit.php:155:    'Verify SSL Peer',
usr/local/www/services_checkip_edit.php:156:    'Verify SSL Peer',
usr/local/www/system_advanced_admin.php:425:    $group->setHelp('No Certificates have been defined. A certificate is required before SSL can be enabled. %1$s Create or Import %2$s a Certificate.',
usr/local/www/system_advanced_admin.php:433:    'SSL Certificate',
usr/local/www/services_dyndns_edit.php:363:    'HTTP API SSL Options',
usr/local/www/services_dyndns_edit.php:364:    'Verify SSL Certificate Trust',
usr/local/www/services_checkip.php:94:                            <th><?=gettext("Verify SSL Peer")?></th>
usr/local/www/vpn_openvpn_server.php:963:                $certhelp = '<span id="certtype" class="text-danger">' . gettext("Warning: The selected server certificate was not created as an SSL Server certificate and may not work as expected") . ' </span>';
usr/local/www/vpn_openvpn_server.php:2120:            var errmsg = '<span class="text-danger">' + "<?=gettext('Warning: The selected server certificate was not created as an SSL Server certificate and may not work as expected')?>" + '</span>';
usr/local/www/guiconfig.inc:125:    'SSL - Encrypted' => 636);

There are even more in packages but those don't need to be handled during a release like the base code does.

The LDAP-related options will have to wait for 2.5.0 since it requires a configuration change. The others are cosmetic only and can be applied to 2.4.5.