SSL (Secure Socket Layer) ensures that your passwords are encrypted and that all data transmitted to and received from the web interface is encrypted as well. All Barracuda Email Security Gateways support SSL access without any additional configuration, and Barracuda strongly recommends securing external access to the web interface as described below. Additionally, some sites may wish to enforce using a secured connection to access the web interface, or prefer to use their own trusted certificates. For more information about and best practices for securing your Barracuda Email Security Gateway on your network, see Securing the Barracuda Email Security Gateway.
The SSL configuration referred to here is related only to the web interface. There is no need to explicitly configure SSL for traffic between the Barracuda Email Security Gateway and your mail servers.
How to Enforce SSL-only Access (recommended)
- On the ADVANCED > Secure Administration page, select Yes to enable HTTPS/SSL Access Only to the web interface. Setting this to No will still allow the Barracuda Email Security Gateway to accept non-SSL connections.
- Select Yes to Use HTTPS Links in Emails for per-user quarantine messages sent from the Barracuda Email Security Gateway.
- Enter your desired Web Interface HTTPS/SSL Port for the web interface. The default is 443.
- Select Supported SSL Protocols you want the Barracuda Email Security Gateway to support: TLSv1, TLSv1.1, TLSv1.2, TLSv1.3
- Click Save.
If you wish to change the certificate that is used, you must first create and upload it to the Barracuda Email Security Gateway before changing the Certificate Type in the SSL Certificate Configuration section of the ADVANCED > Secure Administration page. See the online help for instructions. The Barracuda Email Security Gateway supports the following types of certificates:
- Default (Barracuda Networks) certificates are signed by Barracuda Networks. On some browsers, these may generate some benign warnings which can be safely ignored. No additional configuration is required to use these certificates, and are provided free of charge as the default type of certificate.
- Private (self-signed) certificates provide strong encryption without the cost of purchasing a certificate from a trusted Certificate Authority (CA). These certificates are created by providing the information requested in the Private (self-signed) section of the page. You may also want to download the Private Root Certificate and import it into your browser, to allow it to verify the authenticity of the certificate and prevent any warnings that may come up when accessing the web interface.