We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

How to Use and Manage Certificates with the Certificate Manager

  • Last updated on

The Barracuda CloudGen Firewall uses the Certificate Manager as a central repository to manage all X.509 certificates on the device. You can create self-signed certificates or upload your own certificates. All certificates are available for all firewall services, as long as they meet the requirements for that service.

Create a Self-Signed Certificate

  1. Go to ADVANCED > Certificate Manager
  2. Click Create. The Create Certificate window opens.
  3. Enter the certificate information.
    • Certificate Name – Enter a name to identify this certificate.
    • Common Name – Enter the domain name (DN) that is used to access the service, e.g., "mycompany.vpn.com", *.domain.com It must contain at least one dot (.)
    • Country Code (2 characters) – Enter the two–letter ISO country code of the location of the organization.
    • State or Province – Enter the full name of the state or province of the location of the organization.
    • Location – Enter the full name of the city where the organization is located.
    • Organization – Enter the name of your organization or company.
    • Organizational Unit – Enter the department or unit within the organization.
    • Key Size (bits) – Select the private key size for the certificate from the dropdown list. The default key size is 2048 bits. Use 2048 bits if you want stronger and more secure encryption.
    • Disallow Private Key Download – Selecting this option will lock the private key corresponding to this certificate. Normally, certificates are downloaded in PEM format, which includes the private key and certificate. When a key is locked, the PEM file will only contain the certificate.

      Private keys are not included in the backup. Download the private key and keep it in a safe location.

    • Expiration Date – Click the calendar icon to select a date.

    • Subject Alt Name – Set the Email, DNS, URI or IP for this certificate.

      For a Client–to–Site VPN connection to a mobile device, set the DNS to the FQDN of the firewall. The FQDN must resolve to the IP address of the VPN service on the firewall.

    • Add to VPN Certificates – Automatically add this certificate to the list of VPN certificates. You can also manually add the certificate to the VPN certificates later on the VPN > Settings page.

  4. Click Save

Upload a Certificate

You can upload certificates in PEM or PKCS12 files. PEM files can either contain a single certificate or multiple certificates. Multiple PEM files must contain one or more certificates and the private key in order to create a complete chain of trust.

  1. Go to ADVANCED > Certificate Manager
  2. Click Upload. The Upload Certificate window opens.
  3. Enter the Certificate Name.
  4. Select the Certificate Type to match your certificate file.
  5. (optional) If you want to use the certificate for the VPN service, select Add to VPN Certificates.
  6. Click Browse to select the Certificate File.
  7. (multiple PEM files) Click Browse to select the Certificate Key File
  8. (optional) Enter a Certificate Password.
  9. (optional) Select Disallow Private Key Download. This action cannot be reversed. 

    Private keys are not included in the backup. Download the private key and keep it in a safe location.

  10. Click Save

Download or View a Certificate or Certificate Signing Request (CSR)

  1. Go to ADVANCED > Certificate Manager.
  2. Click the info icon info.png to open the View Certificate window.
  3. You can now:
    • Click Details to see the complete certificate information. 
    • Click Download Certificate to download the certificate in a PEM file.
    • Click Download Key to download the private key in a PEM file.

Delete a Certificate

You cannot delete certificates that are in use. Change the certificate for all services listed in the Usage column and then click trashcan.png in the Action column to delete the certificate.

Add Certificates to the VPN Certificates

Certificates that are to be used for the VPN service must be added to the VPN certificates. If you did not select Add to VPN Certificates when creating or uploading the certificates, you can also add it to the VPN Certificates in the VPN Settings. Root CA certificates must be CA certificates.

  1. Go to VPN > Settings.
  2. Select the certificate you want to add from the Local Certificates dropdown and click +.
  3. Select the certificate you want to add from the Root CA Certificates dropdown and click +.
  4. Click Save.

Select the SSL Interception Certificate

You can only use certificates with the CA option for SSL Interception.

  1. Go to FIREWALL > Settings
  2. Verify that Enable SSL Interception is set to Yes
  3. Select the certificate from the Select Certificate dropdown.
  4. Click Save.

Select the SSL Certificate for the Web Interface

  1. Go to ADVANCED > Secure Administration.
  2. Select the certificate from the Certificate for SSL dropdown.
  3. Click Save

Select the SSL Certificate for the SSL VPN

It is recommended to use signed certificates for the SSL VPN service.

  1. Go to VPN > SSL VPN.
  2. Click on the Server Settings tab.
  3. Select the certificate from the Certificate dropdown.
  4. Click Save.
Last updated on