We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.

How can I get DigiCert SSL certificates to work with my Barracuda Networks product?

  • Type: Knowledgebase
  • Date changed: 10 months ago
Solution #00005446

All Email Security Gateway

To maintain widespread compatibility with older browsers and some mobile devices, DigiCert provides a Cross-Signed Intermediate Certificate which enables legacy devices to follow the intermediate certificate chain to the "Entrust.net Secure Server Certification Authority" Root Certificate. This Cross-Signed certificate appears in your Intermediate Certification Authorities certificates store in Windows. Its Subject is "DigiCert High Assurance EV Root CA" and its Issuer is "Entrust.net Secure Server Certification Authority".

Windows automatically determines which intermediate certificates to send to clients based on which Root Certificates it finds in its Root Certification Authorities certificate store. When the "DigiCert High Assurance EV Root CA" root certificate is present in the Root Certification Authorities cert store, Windows will not see the need to include the Cross-Signed certificate.

[Right Click and Save As]

SSL Plus/Wildcard/UC Bundle:

EV certificate Bundle:

Please refer to this site if any further Intermediate Root Certs are needed.

If you are looking for the intermediate root for your certificate, please download it from inside your DigiCert Account.

To install the Certificate in the BESG (Barracuda Email Security Gateway).


Firmware Version 6.x and above:

1.     On the web interface, navigate to Advanced > Secure Administration.

2.     To generate the CSR under SSL Certificate Configuration > Certificate Type: 
Select Private for the certificate type and fill in the required fields under Private (Self-signed) section.

3.     Download the private key under Private (Self-Signed) of the Secure Administration on the Barracuda appliance web interface.

4.     Then switch to the option Trusted (Signed by a trusted CA) under the SSL Certificate Configuration > Certificate Type

5.     And, click the "Download CSR under "Trusted (Signed by a trusted CA)" section of the Secure Administration tab.

6.     If you have not already done so, send this to your Trusted CA with your order for a new Trusted Certificate.


7.     After receiving the signed certificate back from your trusted CA:

o    From the "Trusted (Signed by a trusted CA)" section of the Secure Administration tab choose browse and select the Trusted Cert. you just received back from your CA and, click the upload button

o    Choose browse again and select the Private Key you downloaded (previous to ordering your Certificate) and, upload it.  (This should match the Certificate you requested to that which your CA sent you) to validate that your CA has sent you a Trusted Cert that matches your request.


o    Choose browse again and select the "chain bundle" also known as an  "intermediate Certificate" and, click the upload again for each piece you have.


As the different pieces are uploaded you should see status changing.  When you see a valid status you should have a "button" to the right of the certificate that says "USE" (This will be displayed at the bottom of the screen (to the right of the status).  Select this button to start using your newly uploaded Certificate.


  Insure all Certificate information matches your order and you are set to go.


IF you have any questions and or issue please feel free to call Barracuda Technical Support.

Link to this page: