It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda SSL VPN

How can I upload a certificate to the Barracuda SSL VPN that has two or more chain certificates?

  • Type: Knowledgebase
  • Date changed: 3 years ago

Solution #00004593



Applies to all Barracuda SSL VPNs.



When a certificate is received from a Certification Authority it sometimes contains more than one Intermediate Certificate. As the SSL VPN only has one entry field for the Certificate Chain, the best solution is to combine all the individual certificates in the chain into one large chain certificate file.


Identify the certificate file that was generated from the CSR. This is usually named after the host and domain that it was created for. Move this to a safe location as this will not be needed in creating the chain certificate file.


Inspect each of the remaining certificates in order to identify the order in which they belong to the chain. One method for this is to open the certificate details and inspect the Certification Path. Alternatively, a Certificate Decoder can be used to reveal which certificate it was issued by.

Create a new text file once the order of the chain has been established. Copy and paste the certificate text data from each certificate to the text file in order starting with the highest level certificate and then continuing down the chain. Save the file once all certificate elements have been added. The new file should now be accepted when used in the Certificate Chain field in the Appliance interface.




A certificate from a CA may contain the following files:






The file vpn_barracuda_com.crt can be identified as the certificate file so USERTrustServerCA.crt and EnterpriseSecureServerCA.crt are both chain certificates. Inspecting USERTrustServerCA.crt reveals it was issued by EnterpriseSecureServerCA. This makes EnterpriseSecureServerCA.crt the highest level certificate. A new file is created and the text data from EnterpriseSecureServerCA.crt is added first. The data from USERTrustServerCA.crt is added below this and the file is saved. The new file will now be used as the Certificate Chain Bundle.


Link to this page: