We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda NextGen Firewall X

Manual Root-CA import for the SSL Proxy engine

  • Type: Knowledgebase
  • Date changed: 6 months ago

Solution #00005377

This solution replies to:
- NG Firewall firmware versions 5.0.1, 5.2.x
- netfence firmware versions 4.2.14


Now it is possible to import missing or needed Root-CAs for the SSL Proxy manually via command line interface.


1) It's only possible to import RSA root certificates (no pgp etc)

2) The file extension must be .pem. You can export the root certificate from your browser. Use bvase-64 encoded as export type. In this case you must just rename the .crt file to .pem. The filename must NOT contain blanks or special characters.

3) You need to create the directory "rootcaimport" on the affected box.You do not need to change the file or directory ownership/permissions from root
   mkdir  /opt/microdasys/conf/rootcaimport 

4) SCP the RSA root certificate to this directory.

5) Restart the SSLProxy on the box from "Control" > "Server" > "Restart Service"

6) Check that a *.pem.import file has been created in /opt/microdasys/conf/rootcaimport 

7) The RSA root certificate will show up in the GUI certificate list in "SSL Proxy" > "Certificates"

Link to This Page: