It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see End-of-Support for CloudGen Firewall Firmware for further information on our EoS policy.

How to Configure Client Certificate Authentication for the SSL VPN

  • Last updated on

The SSL VPN service supports authentication via client certificates either as the only authentication method, or in combination with user/password authentication. The client certificates must be installed on the client devices and can be used for the desktop and mobile portal as well as CudaLaunch on iOS and Android.

Before You Begin

Step 1. Import the Root Certificate for VPN Service

Import the root certificate used to verify the client certificates. The certificate must be in PEM or CER format.

  1. Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > VPN > VPN Settings
  2. Click Lock.
  3. In the left menu, select Root Certificates.
  4. Right-click in the list and select Import PEM from File or Import CER from File depending on the format of your certificate file.
  5. Select the certificate on your disk. The Root Certificate window opens. 
  6. Enter a Name.
    client_cert_auth02.png
  7. Click OK
  8. Click Send Changes and Activate.

The root certificate is now shown in the Root Certificates ist.

Step 2. Configure Client Authentication for SSL VPN

Configure the SSL VPN to use client certificate authentication.

  1. Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > VPN > SSL VPN
  2. Click Lock.
  3. In the left menu, expand the Configuration Mode section and click Switch to Advanced Mode.
  4. Set Use Client Certificate Authentication:
    • yes – Select to use client certificate authentication in addition to user/password authentication.
    • cert-only – Select to only use certificate authentication.
  5. Click + to add an entry to the Root Certificates list. The Root Certificates window opens.
  6. Enter a Name and click OK
  7. Select the root certificate you uploaded in Step 1 from the Client Root Certificate drop-down menu.
  8. (optional) Add Subject Restrictions to allow only client certificates matching these patterns to connect.
    client_cert_auth04.png
  9. Click OK.
  10. Click Send Changes and Activate.

Step 3. Restart the VPN Service

You must restart the VPN service for the changes to take effect.

  1. Go to CONTROL > Services.
  2. In the Services section, select the VPN service.
  3. Click on the blue arrow icon on the right of the service and select Restart Service.
    restart_vpn.png

You can now use client certificate authentication to log into the SSL VPN desktop and mobile portals as well as CudaLaunch.

Next Steps

Install the client certificates on your client devices. When used in combination with CudaLaunch, see How to Configure CudaLaunch for Mobile with Client Certificate Authentication.