Barracuda WAF-as-a-Service supports client certificate-based authentication to backend servers, which enhances security by ensuring that only a client presenting an authenticated certificate can access them. With this mechanism, the Barracuda WAF-as-a-Service authenticates itself to the server using a digital certificate: during the SSL/TLS handshake, it presents the client certificate, allowing the server to verify the identity of the Barracuda WAF-as-a-Service.
Once mutual authentication is established, both parties use encryption keys to secure their communication. This ensures that all data transmitted during the SSL sessions is encrypted and decrypted properly, maintaining the integrity and confidentiality of the information exchanged.
To enable client certificate-based authentication:
1. On the WAF-as-a-Service web interface, go to the APPLICATIONS page and click the application for which you want to enable client certificate-based authentication.
2. On the application page, click SERVERS in the left panel.
3. On the Servers page, click the three dots under MORE next to the server and select Edit Server.
4. In the Edit Server window, select the SSL tab.
5. Paste the certificate private key in the Private Key text box.
6. Paste the certificate in the Certificate text box.
7. Click Save.
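A pre-flight check that can be run on the key and certificate before pasting them into the Edit Server window. This is an added example, not Barracuda tooling: it assumes PEM files and the OpenSSL command-line tool, and the function name, return codes and 30-day default are illustrative.

```shell
#!/bin/sh
# Added example: sanity-check a PEM client certificate and private key.
# Assumes the OpenSSL CLI; function name and default threshold are illustrative.
# Return codes: 0 ok, 1 key mismatch, 2 unreadable input, 3 expiring, 4 wrong purpose.
check_client_cert_pair() {
    cert=$1 key=$2 min_days=${3:-30}

    # Public key embedded in the certificate (SubjectPublicKeyInfo, PEM).
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
        { echo "cannot read certificate: $cert" >&2; return 2; }

    # Public key derived from the private key. "-passin pass:" stops OpenSSL
    # from prompting, so an encrypted key fails here instead of hanging.
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) ||
        { echo "cannot read private key (bad format or encrypted): $key" >&2; return 2; }

    # The pair is usable only if both public keys are identical.
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "private key does not belong to this certificate" >&2; return 1; }

    # Reject a certificate that expires within min_days.
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null ||
        { echo "certificate expires within $min_days days" >&2; return 3; }

    # The key usage / extended key usage must permit TLS client authentication.
    openssl x509 -in "$cert" -noout -purpose | grep -q '^SSL client : Yes' ||
        { echo "certificate is not valid for TLS client authentication" >&2; return 4; }

    echo "ok: $(openssl x509 -in "$cert" -noout -subject -enddate | tr '\n' ' ')"
}

# Usage: sh check_pair.sh client.crt client.key [min_days]
if [ "$#" -ge 2 ]; then
    check_client_cert_pair "$@"
fi
```

A non-zero return code identifies which check failed, so a mismatched or expiring pair is caught before it causes handshake failures between the WAF and the backend server.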