We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see End-of-Support for CloudGen Firewall Firmware for further information on our EoS policy.

How to Configure the PKI Service

  • Last updated on

The Barracuda NextGen Control Center Public Key Infrastructure (PKI) uses ITU-T x509 v3 certificates and is similar to the Microsoft PKI that is delivered with Microsoft Windows 2000/2003 servers. A certificate with the V3 basic 'Constraints' extension set to CA:TRUE is handled as a CA. This CA can sign end-user certificates or other CAs. An x.509v3 certificate contains the fully distinguished name and V3 extensions defining the range of application. To mark a certificate as revoked, there are certificate revocation lists. Applications can fetch certificate revocation lists from LDAP or HTTP servers. These servers are specified in the certificate as V3 extension 'crlDistributionPoints'.

The Barracuda NextGen Firewall F-Series supports certificates of the following types:

  • SSL/TLS encryption and authentication of TCP-based protocols like HTTP, SMTP, POP, IMAP, and LDAP
  • S/MIME encryption and signature of emails 
  • IPSec, L2TP
  • VPN connections

Before you Begin

Before configuring PKI, you must create a PKI service on the Box Layer of the Barracuda NextGen Control Center.

Install and Configure PKI

  1. Log into the box layer of the Barracuda NextGen Control Center.
  2. Go to CONFIGURATION > Configuration Tree > Box > Virtual Servers > your virtual server > Assigned Services > PKI Service.
  3. Click Lock.
  4. Edit the following settings according to your requirements:
    • HA Sync Mode – Enables or disables synchronization with an optional HA partner.
    • Log Level – Specifies the amount of logging. You can select the following options:
      • Silent – No logging except for fatal logs.
      • Normal – Regular logging.
      • Verbose – Regular logging including additional logs (for example, for troubleshooting).
    • Start LDAP Server – Starts an LDAP server on the Barracuda NextGen Control Center box. The service listens on the IP addresses defined in the PKI Service Properties page. The listening ports are port 389 (LDAP) and port 636 (LDAPs).
    • Log Connections – Enables connection logging on the internal LDAP server.
    • External LDAP Server – If you are using an external LDAP server, enter its IP address or DNS-resolvable name.
    • Base DN – Specifies the Base Distinguished Name for inserting and searching CRLs on the LDAP server, e.g.: dc=barracuda,dc=com
    • Root DN – Specifies the distinguished name of the LDAP user for importing CRLs on the LDAP server.
    • Root Password – You can change the password for writing on the LDAP server.

  5. Click OK.
  6. Click Send Changes and Activate.

Continue with How to Configure PKI Certificates .

Last updated on