It seems like your browser didn't download the required fonts. Please revise your security settings and try again.

Why are users prompted to accept the Email Security Gateway's SSL certificate when actioning quarantine items?

  • Type: Knowledgebase
  • Date changed: 2 years ago
Solution #00000954

Applies to all Email Security Gateways using the Per User Quarantine functionality and SSL, all firmware versions.


If users trying to access their Quarantine Inbox are being prompted to accept an SSL certificate when they already have it installed (often with a domain mismatch error), it may be due to the lack of a Quarantine Host value in your Email Security Gateway's configuration. In these cases, the links in user Quarantine Notification emails should reference https://<barracudaname>.<domain.dom> (where <barracudaname> is the hostname of your Email Security Gateway, and <domain.dom> is your domain name) instead of https://<IP> (where <IP> is the IP address of your Email Security Gateway) to avoid prompting users to accept the certificate. The issue has to do with the domain name given in the link matching domain name of the SSL/TLS certificate. If an IP address is given in the link, the IP will not match the domain name of the certificate. To fix this, specify a Quarantine Host that matches your domain name that will resolve to your Email Security Gateway's IP address when resolved.

This option is on the Basic > Quarantine page. If the Quarantine Host field is empty, your Barracuda will use its IP address (which will not match the certificate). To remedy this, fill in the Quarantine Host field. The value entered here will then be used in place of the Email Security Gateway's IP address.

Additional Notes:
Another possibility, if this does not resolve the issue, is that the certificate's domain name does not match the hostname and domain name of the Email Security Gateway. If your certificate's domain is different from the domain configured near the bottom of the Basic > IP Configuration page, all users will receive a domain mismatch error and be asked to accept the certificate when connecting to the Email Security Gateway over a secure connection. If this is so, you may need to obtain a new, matching certificate or use a wildcard certificate with your Email Security Gateway.

Also, your Email Security Gateway may be using a self signed certification which will require your users to accept the certification before granting access to the website.

Link to This Page: