We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.

Why are users prompted to accept the Barracuda Spam Firewall's SSL certificate when actioning quarantine items?

  • Type: Knowledgebase
  • Date changed: 3 years ago
Solution #00000954

Scope:
Applies to all Barracuda Spam Firewalls using the Per User Quarantine functionality and SSL, all firmware versions.

Answer:

If users trying to access their Quarantine Inbox are being prompted to accept an SSL certificate when they already have it installed (often with a domain mismatch error), it may be due to the lack of a Quarantine Host value in your Barracuda Spam Firewall's configuration. In these cases, the links in user Quarantine Notification emails should reference https://<barracudaname>.<domain.dom> (where <barracudaname> is the hostname of your Barracuda Spam Firewall, and <domain.dom> is your domain name) instead of https://<IP> (where <IP> is the IP address of your Barracuda Spam Firewall) to avoid prompting users to accept the certificate. The issue has to do with the domain name given in the link matching domain name of the SSL/TLS certificate. If an IP address is given in the link, the IP will not match the domain name of the certificate. To fix this, specify a Quarantine Host that matches your domain name that will resolve to your Barracuda Spam Firewall's IP address when resolved.

This option is on the Basic > Quarantine page. If the Quarantine Host field is empty, your Barracuda will use its IP address (which will not match the certificate). To remedy this, fill in the Quarantine Host field. The value entered here will then be used in place of the Barracuda Spam Firewall's IP address.

Additional Notes:
Another possibility, if this does not resolve the issue, is that the certificate's domain name does not match the hostname and domain name of the Barracuda Spam Firewall. If your certificate's domain is different from the domain configured near the bottom of the Basic > IP Configuration page, all users will receive a domain mismatch error and be asked to accept the certificate when connecting to the Barracuda Spam Firewall over a secure connection. If this is so, you may need to obtain a new, matching certificate or use a wildcard certificate with your Barracuda Spam Firewall.

Also, your Barracuda Spam Firewall may be using a self signed certification which will require your users to accept the certification before granting access to the website.


Link to This Page:
https://campus.barracuda.com/solution/50160000000GEtLAAW