SSL client certificates are a very secure secondary authentication method. When this feature is enabled, users can present an SSL client certificate, but the server does not require one. During their initial login, users must install the SSL client certificate into the certificate store of the browser or operating system. After this initial setup is complete, the authentication process requires minimal user interaction: users only select the installed certificate when prompted, and the browser and the Barracuda SSL VPN complete the rest of the exchange automatically.
The Barracuda SSL VPN validates the offered client certificate according to parameters that you define. If you do not check for certificate attributes that are unique to each user, any user can log in with a browser that holds any valid SSL client certificate issued under the trusted root, regardless of which account that certificate was issued for. To prevent this, you must always combine SSL client certificate authentication with another authentication method, such as a password prompt.
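To make the two checks above concrete, the following added example (not Barracuda's code) uses openssl to build a constructed root CA and client certificates, then verifies that an offered certificate both chains to the trusted root and carries a per-user attribute (here the subject CN) matching the account being logged in. It assumes openssl is on PATH; every name and file is constructed for the example.

```shell
#!/bin/sh
# Added example, not part of the Barracuda documentation. Assumption: openssl is on PATH.
set -eu
WORK=$(mktemp -d)

# Constructed root CA, standing in for the root certificate uploaded for a user database.
openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=Example Root CA" \
  -keyout "$WORK/root.key" -out "$WORK/root.crt" 2>/dev/null

# issue_client NAME: constructed client certificate for user NAME, signed by the root.
issue_client() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/root.crt" -CAkey "$WORK/root.key" \
    -CAcreateserial -days 365 -out "$WORK/$1.crt" 2>/dev/null
}

# check_client_cert CERT USER: succeeds only if CERT chains to the trusted root AND
# its subject CN equals USER. The chain check alone proves the certificate is
# genuine; the CN check binds it to one account, which is the attribute check
# the text says must not be skipped.
check_client_cert() {
  cert=$1; user=$2
  openssl verify -CAfile "$WORK/root.crt" "$cert" >/dev/null 2>&1 || return 1
  cn=$(openssl x509 -in "$cert" -noout -subject -nameopt RFC2253 \
       | sed -n 's/^subject=.*CN=\([^,]*\).*/\1/p')
  [ "$cn" = "$user" ]
}

issue_client alice
issue_client bob
# Self-signed certificate claiming to be alice, but not issued by the trusted root.
openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=alice" \
  -keyout "$WORK/rogue.key" -out "$WORK/rogue.crt" 2>/dev/null
```

With these files, alice's certificate passes for the alice account, bob's genuine certificate is rejected for the alice account, and the self-signed "alice" certificate is rejected because it does not chain to the uploaded root.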
Before you begin
Create the following:
- A root certificate.
- Client certificates.
- An authentication scheme using client certificates as a primary or secondary authentication method.
For more information on creating your own self-signed root certificates, see How to Create Certificates with XCA.
Step 1. Upload the root certificate
For every user database, you can create or upload a unique root certificate.
- Open the Manage System > ADVANCED > SSL Certificates page.
- In the Import Key Type section, select A root Certificate Authority certificate you trust for client certificate authentication from the Certificate Type list.
- In the Import Details section, select the user database that you want to upload the root certificate to.
- Click Browse, and select the root certificate file. The certificate file must have a .cer or .crt extension.
- Click Save.
The certificate then appears in the SSL Certificates section on the Manage System > ADVANCED > SSL Certificates page.
Step 2. Configure client certificate authentication settings
Configure the settings for the client certificates.
- Log into the SSL VPN web interface.
- Go to the Manage System > ACCESS CONTROL > Security Settings page.
- In the Client Certificates section, configure the client certificate settings.
- Click Save Changes.
Step 3. Add the client certificate authentication module to an authentication scheme
- Log into the SSL VPN web interface.
- Go to the Manage System > ACCESS CONTROL > Authentication Schemes page.
- Edit an authentication scheme.
- Double-click Client Certificate to add the authentication module.
- Click Save.