It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see End-of-Support for CloudGen Firewall Firmware for further information on our EoS policy.

How to Manage Certificates in the Certificate Store

  • Last updated on

The certificate store allows administrators to manage certificates on the Control Center and stand-alone firewalls. The certificate store is available on stand-alone firewalls, and on the global, range, and cluster level on the Control Center for managed firewalls. Managed firewalls do not have their own certificate store and can only use certificates in the Control Center certificate stores. For information on how to view and manage certificate details, see Certificate Store Page.

The certificate store can be used by the following services:

Create a Certificate

  1. Go to the certificate store:
    • Stand-alone Firewall – CONFIGURATION > Configuration Tree > Box > Advanced Configuration > Certificate Store.
    • Control Center Global – CONFIGURATION > Configuration Tree > Multi-Rage > Global Settings > Certificate Store.
    • Control Center Range – CONFIGURATION > Configuration Tree > Multi-Rage > your range > Range Properties > Certificate Store.
    • Control Center Cluster – CONFIGURATION > Configuration Tree > Multi-Rage > your range > your cluster > Cluster Properties > Certificate Store.
  2. Click Lock.
  3. Right-click in the table, or click the certificate sign (cert_ico.png) at the top right of the window.
    cert_create1.png
  4. Select Create Self Signed Certificate. The Create Self Signed Certificate window opens.
  5. Enter a Name for the certificate.
  6. Click Create to create a key, or chose an option to import the key:
    • from Clipboard
    • from File
    cert_create2.png
  7. In the Certificate section click Edit.
  8. Click OK.

The certificate is now added to the certificate store and can be used for configuration.

Import a Certificate

If you must import a certificate, check if it is part of a certificate chain. If so, you must import the complete certificate chain into the certificate store so as not to break the chain of trust.
  1. Go to the certificate store:
    • Stand-alone Firewall – CONFIGURATION > Configuration Tree > Box > Advanced Configuration > Certificate Store.
    • Control Center Global – CONFIGURATION > Configuration Tree > Multi-Rage > Global Settings > Certificate Store .
    • Control Center Range – CONFIGURATION > Configuration Tree > Multi-Rage > your range > Range Properties > Certificate Store .
    • Control Center Cluster – CONFIGURATION > Configuration Tree > Multi-Rage > your range > your cluster > Cluster Properties > Certificate Store.
  2. Click Lock.
  3. Right-click in the table, or click the plus sign at the top right of the window.
  4. Select Import new Certificate Store Entry.
    cert_import.png
  5. Chose an option to import the certificate:
    • from Clipboard
    • from File
    • from PKCS12 File
  6. Select the certificate to import, and click Open.
  7. Import the certificate.

The certificate is now added to the certificate store and can be used for configuration.

Add Key to Certificate

If a certificate has no public key assigned, you can assign a key in the certificate store.

  1. Right-click the certificate you want to add the key to.
  2. Select Assign Key to Certificate Store Entry from the context drop-down menu.
    cert_key.png
  3. Import the key from Clipboard or from File.

Export a Certificate

  1. Go to the certificate store:
    • Stand-alone Firewall – CONFIGURATION > Configuration Tree > Box > Advanced Configuration > Certificate Store.
    • Control Center Global – CONFIGURATION > Configuration Tree > Multi-Rage > Global Settings > Certificate Store.
    • Control Center Range – CONFIGURATION > Configuration Tree > Multi-Rage > your range > Range Properties > Certificate Store.
    • Control Center Cluster – CONFIGURATION > Configuration Tree > Multi-Rage > your range > your cluster > Cluster Properties > Certificate Store .
  2. Click Lock.
  3. Right-click the certificate you want to export.
  4. Select Export the selected Certificate Store Entry from the context drop-down menu.
  5. Choose to Clipboard or to File.
    cert_export.png
  6. When selecting to File, enter a name for the certificate and save it to a chosen location.

Edit a Comment on a Certificate

In some cases, you might want to add extra information to a certificate entry. To do so, use the Comment field.

  1. Select the Comment field for the certificate you want to add the comment to.
  2. Click the pen icon in the top right corner of the field, or right-click the certificate and select Edit Comment.


    cert_comment.png
  3. Enter your comment.

Delete a Certificate

  1. Right-click the certificate you want to delete.
  2. Select Delete Certificate Store Entry from the context drop-down menu.

You can also delete a certificate by selecting it and clicking the red cross sign (x ) at the top right of the window.

Enable the Certificate Store on a Control Center

  1. Go to the Range Properties or Cluster Properties page.
    • Control Center Range – CONFIGURATION > Configuration Tree > Multi-Rage > your range > Range Properties.
    • Control Center Cluster – CONFIGURATION > Configuration Tree > Multi-Rage > your range > your cluster > Cluster Properties.
  2. Click Lock.
  3. Set Own certificate store Settings to Yes.
  4. Click Send Changes and Activate.

The certificate store is now added to the range or cluster.