It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see End-of-Support for CloudGen Firewall Firmware for further information on our EoS policy.

How to Set Up Barracuda VPN CA VPN Certificates

  • Last updated on

If you are using a client-to-site or site-to-site tunnel using the Barracuda VPN CA, you can either create the certificates directly in the VPN settings via Barracuda Firewall Admin or import certificates from an external CA.

Step 1. Create Default Server Certificate and Key

You can create the certificate via Barracuda Firewall Admin or import external certificates.

Create Certificate and Private Key in Barracuda Firewall Admin

VPN certificates generated directly in the VPN settings are signed by the self-signed Barracuda root certificate of the firewall.

  1. Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > VPN-Service > VPN Settings.
  2. In the left menu, select General.
  3. Click Lock.
  4. In the Default Server Certificate field, select explicit.
  5. Expand the drop-down menu next to the Private key field.
  6. Select Create new key.
    new_key.png
  7. Next to Key Length, select 2048 Bit for fully licensed firewalls or 512 Bit for export-restricted firewalls or firewalls in demo mode.
  8. Click OK.
  9. Expand the drop-down menu next to the Certificate field.
  10. Select Create new certificate.
  11. Fill in the Subject section.
    cuda_ca.png
  12. Click OK.
  13. Click Send Changes and Activate.

The Default Server Certificate and the Private Key are now listed with a valid (green) signature.
ca_cert_01.png

Import Certificate and Private Key

You can also import certificates created in an external CA into the Barracuda VPN CA.

  1. Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > VPN-Service > VPN Settings.
  2. Click Lock.
  3. Expand the drop-down menu next to the Private key field.
  4. Select Import from File and import the private key.
  5. Expand the drop-down menu next to the Certificate field.
  6. Select an import option for the external certificate, depending on the format.
  7. Click Send Changes and Activate.

If the certificates are valid, the Default Server Certificate and the Private Key are now listed with a valid (green) signature.

Step 2. Create a Service Key

  1. Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > VPN-Service > VPN Settings.
  2. Click Lock.
  3. In the left menu, select Service Keys.
  4. Right-click the table and select New Key
  5. Enter a Key Name and click OK.
  6. Select the Key Length and click OK.
  7. Click Send Changes and Activate.

Your key appears under the Service Keys tab.