Applies to all Barracuda Spam Firewalls using the Per User Quarantine functionality and SSL, all firmware versions.
If users trying to access their Quarantine Inbox are being prompted
to accept an SSL certificate when they already have it installed (often with a
domain mismatch error), it may be due to the lack of a Quarantine Host value in your Barracuda Spam Firewall's
configuration. In these cases, the links in user Quarantine Notification emails
should reference https://<barracudaname>.<domain.dom> (where
<barracudaname> is the hostname of your Barracuda Spam Firewall, and <domain.dom> is your domain name) instead of
https://<IP> (where <IP> is the IP address of your Barracuda Spam
Firewall) to avoid prompting users to accept the certificate. The
issue has to do with the domain name given in the link matching domain name of
the SSL/TLS certificate. If an IP address is given in the link, the IP will not
match the domain name of the certificate. To fix this, specify a Quarantine
Host that matches your domain name that will resolve to your Barracuda Spam
Firewall's IP address when resolved.
This option is on the Basic > Quarantine page. If the Quarantine Host field is empty, your Barracuda will use its IP address (which will not match the certificate). To remedy this, fill in the Quarantine Host field. The value entered here will then be used in place of the Barracuda Spam Firewall's IP address.
Another possibility, if this does not resolve the issue, is that the certificate's domain name does not match the hostname and domain name of the Barracuda Spam Firewall. If your certificate's domain is different from the domain configured near the bottom of the Basic > IP Configuration page, all users will receive a domain mismatch error and be asked to accept the certificate when connecting to the Barracuda Spam Firewall over a secure connection. If this is so, you may need to obtain a new, matching certificate or use a wildcard certificate with your Barracuda Spam Firewall.
Also, your Barracuda Spam Firewall may be using a self signed certification which will require your users to accept the certification before granting access to the website.
Link to This Page: