It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see End-of-Support for CloudGen Firewall Firmware for further information on our EoS policy.

How to Set Up Barracuda VPN CA VPN Certificates

  • Last updated on

If you are using a client-to-site or site-to-site tunnel using the Barracuda VPN CA you can create the certificates directly in the VPN Settings via Barracuda Firewall Admin or import certificates from an external CA.

Step 1. Create Default Server Certificate and Key

You can create the certificate via Barracuda Firewall Admin or import external certificates.

Create Certificate and Private Key in Barracuda Firewall Admin

VPN certificates generated directly in the VPN settings are signed by the self-signed Barracuda root certificate of the firewall.

  1. Go to CONFIGURATION > Configuration Tree > Box > Virtual Servers > your virtual server > Assigned Services > VPN-Service > VPN Settings.
  2. Click Lock.
  3. Click the Settings tab.
  4. Click the Click here for Server Settings link.
    cuda_ca_01.png
  5. In the Default Server Certificate section, click Ex/Import and select New/Edit Certificate. The Certificate View window opens.
    cuda_ca_02.png
  6. Fill in the Subject section.
    cuda_ca_03.png
  7. Click OK.
  8. In the Default Key section, click Ex/Import.
  9. Select New 2048-Bit RSA key for fully licensed firewalls or New 512-Bit RSA key for export restricted firewalls or firewalls in demo mode.
    cuda_ca_04.png
  10. Click Yes.
  11. Click OK.
  12. Click Send Changes and Activate.

The Default Server Certificate and the Default Key are now listed with a valid (green) signature.

cuda_ca_05.png

Import Certificate and Private Key

You can also import certificates created in an external CA into the Barracuda VPN CA.

  1. Go to CONFIGURATION > Configuration Tree > Box > Virtual Servers > your virtual server > Assigned Services > VPN-Service > VPN Settings.
  2. Click Lock.
  3. Click the Settings tab.
  4. Click the Click here for Server Settings link.
  5. In the Default Server Certificate section, click Ex/Import and select either Import PEM from file or Import fromPKCS12, depending on the external certificate format.
  6. In the Default Key section, click Ex/Import and select Import Private Key from File.
  7. Click OK.
  8. Click Send Changes and Activate.

If the certificates are valid the Default Server Certificate and the Default Server Key are now listed with a valid (green) signature.

Step 2. Create a Service Certificate/Key

  1. Go to CONFIGURATION > Configuration Tree > Box > Virtual Servers > your virtual server > Assigned Services > VPN-Service > VPN Settings.
  2. Click Lock.
  3. Click the Service Certificates/Keys tab.
  4. Right-click the table and select New Key
  5. Enter a Key Name and click OK.
  6. Select the Key Length and click OK.
  7. Click Send Changes and Activate.

Your server certificate appears under the Service Certificates/Keys tab.

cuda_ca_06.png