Applies to all SSL VPNs.
The Barracuda SSL VPN can be configured to serve as a Certificate Authority (CA) for local certificate authentication. This is called Internal Certificate Authentication. To configure it, complete the following steps.
Creating the Certificate Authority - Go to Advanced > SSL Certificate and select the Create CA option. A new window will open in which the details for the CA can be entered. Once all fields have been completed, click Create to create the CA for the SSL VPN. Once the Keystore has been created, the SSL VPN service may need to be restarted to apply the changes. A message will appear if this is the case.
Setting the Certificate Options - Go to Access Control > Security Settings and locate the Client Certificate options on the page and set the following options:
* Set Mode of Operation to Accept Certificates.
* Set Certificate Type to Internal.
* Set Validity Period to the number of years that the certificate should be valid for.
* Set Bit Length to the bit size the private key should be.
* Save the settings.
Because of these configuration changes, the SSL VPN service will need to be restarted after the settings are saved. A message will inform you of this and provide a link to the Restart page.
Generating User Certificates - Go to Access Control > Accounts. The More... options for every account include an option labeled Generate Certificate. To generate a user's certificate, follow these steps:
* Select the Generate Certificate option.
* The Certificate Password page will open. A password must be set to encrypt the certificate. There are two options: a password can be set manually using the Provide your own password option, or a password can be automatically generated using the Generate a Password option. Select the Generate option to change the password that has been created. Once a password has been set, select the Create option.
* The Certificate Download page will open. The download prompt for the certificate should appear a few seconds after the page loads. Selecting the Close button should return you to the Accounts page.
Repeat this process for all users who will be using certificate authentication.
You will also need to create an Authentication Scheme that uses the Client Certificate module. See the last paragraph of Solution #00003777.