I had installed puppet agent on the machine, and trying to configure opn-cli on opnsense machine, it is asking for ca.pem, does anyone have any idea where did I get this file. I had tried the certificate inside System->Trust->Certificate but it is a TLS certificate but I need SSL certificate, please let me know where can I get that file and also please let me know if I am doing it wrong or not. If yes then let me know the right way to do it.
TLS and SSL are these days used conversely. Think of them as the same.
What you can do most of the times is convert an existing certificate if you have it with openssl tools on the command line and if you know any passphrases attached to them: https://www.openssl.org/docs/
Going by the name "ca.pem" it might be the CA in a chain of trust, and that can be your own for "self-signed" certs or a public one.
I am not able to understand this can you please brief with one example my major concern is I want to connect two or three opnsense firewall using puppet for a common/central management server
Did you follow these instructions?
https://github.com/andeman/puppet-opnsense
opn-cli goes on the bastion host, not the manages OPNsense firewalls.