Barracuda SSL VPN

Attention

This Firmware Version Is Going End-Of-Support
As of 1st March 2019, all new sales for the Barracuda SSL VPN product will cease. Only renewals of software and hardware subscriptions for a maximum of one year are available for a limited time. 1st March 2020: All Barracuda SSL VPN sales will cease; neither new sales nor any renewals will be available. If you currently hold a maintenance and support contract, you will continue to receive our award-winning support and services until your contract expires.

How to Configure SSL Client Certificate Authentication


SSL client certificates are a very secure secondary authentication method. When this feature is enabled, users can provide an SSL client certificate, but it is not required by the server. During users' initial login, they must install the SSL client certificate into the certificate store of the browser or operating system. After the initial setup is complete, the authentication process requires minimal user interaction. Users must only select the installed certificate when prompted, and the rest of the setup is completed automatically by the browser and the Barracuda SSL VPN.

The Barracuda SSL VPN validates the offered client certificate according to parameters that are defined by you. If you do not check for certificate attributes that are unique to each user, any user can log in with a browser that has a valid SSL client certificate. To prevent this, you must always combine SSL client certificate authentication with another authentication method like a password prompt.
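The difference between chain-only validation and a per-user check can be reproduced with the openssl command line. This is an added example, not Barracuda code or part of the original article; it assumes a constructed test CA, hypothetical users alice and bob, and that the per-user attribute is a subject CN equal to the login name.

```shell
#!/usr/bin/env bash
# Added example: constructed test PKI; every name below is hypothetical.
set -eu
WORK=$(mktemp -d)

# Self-signed root CA (the kind of file uploaded in Step 1 as .crt/.cer).
make_root_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=Example Test Root CA" \
    -keyout "$WORK/root.key" -out "$WORK/root.crt" 2>/dev/null
}

# Client certificate whose CN is the user's login name (assumed convention).
issue_client_cert() {
  user=$1
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$user" \
    -keyout "$WORK/$user.key" -out "$WORK/$user.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$user.csr" -days 30 \
    -CA "$WORK/root.crt" -CAkey "$WORK/root.key" -CAcreateserial \
    -out "$WORK/$user.crt" 2>/dev/null
}

# Chain-only check: succeeds for ANY certificate signed by the root.
chain_ok() {
  openssl verify -CAfile "$WORK/root.crt" "$1" >/dev/null 2>&1
}

# Chain check plus per-user binding: the CN must equal the login name.
cert_matches_user() {
  cert=$1; login=$2
  chain_ok "$cert" || return 1
  cn=$(openssl x509 -in "$cert" -noout -subject -nameopt RFC2253 |
       sed -n 's/^subject= *CN=\([^,]*\).*/\1/p')
  [ "$cn" = "$login" ]
}

make_root_ca
issue_client_cert alice
chain_ok "$WORK/alice.crt" && echo "alice.crt chains to the root"
cert_matches_user "$WORK/alice.crt" alice && echo "login alice: accepted"
cert_matches_user "$WORK/alice.crt" bob || echo "login bob with alice.crt: rejected"
```

With only the chain check, alice.crt would be accepted for any login name, which is why the certificate module needs either a per-user attribute check or a second authentication module.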

Before you begin

Create the following:

  • A root certificate. 
  • Client certificates.
  • An authentication scheme using client certificates as a primary or secondary authentication method.

For more information on creating your own self-signed root certificates, see How to Create Certificates with XCA.

Step 1. Upload the root certificate 

For every user database, you can create or upload a unique root certificate. 

  1. Open the Manage System > ADVANCED > SSL Certificates page.
  2. In the Import Key Type section, select A root Certificate Authority certificate you trust for client certificate authentication from the Certificate Type list.
  3. In the Import Details section, select the user database that you want to upload the root certificate to.
  4. Click Browse, and select the root certificate file. The certificate file must have a cer or crt extension. 
  5. Click Save.

The certificate then appears in the SSL Certificates section on the Manage System > ADVANCED > SSL Certificates page.

Step 2. Configure client certificate authentication settings

Configure the settings for the client certificates.

  1. Log into the SSL VPN web interface.
  2. Go to the Manage System > ACCESS CONTROL > Security Settings page.
  3. In the Client Certificates section, configure the client certificates settings.
  4. Click Save Changes.

Step 3. Add the client certificate authentication module to an authentication scheme

  1. Log into the SSL VPN web interface.
  2. Go to the Manage System > ACCESS CONTROL > Authentication Schemes page.
  3. Edit an authentication scheme.
  4. Double-click Client Certificate to add the authentication module.
  5. Click Save.