The Barracuda WAF integrates with Let’s Encrypt to generate, sign, install, and renew certificates for domains running on the Barracuda Web Application Firewall.
Before You Begin
- Create an HTTP service and ensure that the service is in ACTIVE mode.
- Ensure that the domain is accessible over the internet on TCP port 80.
- Ensure that the domain is accessible to the HTTP service that you created above.
- Allow outbound access to https://acme-v02.api.letsencrypt.org on the firewall.
- Ensure that "Allow Administration Access" for WAN is set to Yes so that the UI can successfully create a Let's Encrypt certificate.
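A pre-flight check for the reachability prerequisites above, as an added example rather than Barracuda tooling: it tests TCP port 80 for each certificate name and confirms that the Let's Encrypt endpoint returns a real ACME directory instead of a proxy or block page. The `/directory` path and the function names are assumptions of this example; the port 80 result is only meaningful from a host outside your network, and the ACME result only from a host behind the same egress firewall as the WAF.

```python
import json
import socket
import sys
import urllib.request

# Host from the prerequisites; the /directory path is this example's assumption.
ACME_DIRECTORY = "https://acme-v02.api.letsencrypt.org/directory"
REQUIRED_KEYS = {"newNonce", "newAccount", "newOrder"}  # RFC 8555 directory fields

def tcp_reachable(host, port=80, timeout=5.0):
    """Resolve host and try a TCP connect; return (ok, detail)."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return False, f"DNS lookup failed: {exc}"
    detail = "no addresses returned"
    for family, socktype, proto, _, addr in infos:
        try:
            with socket.socket(family, socktype, proto) as sock:
                sock.settimeout(timeout)
                sock.connect(addr)
                return True, f"connected to {addr[0]}:{port}"
        except OSError as exc:
            detail = f"{addr[0]}:{port} {exc}"
    return False, detail

def directory_ok(body):
    """True only if body parses as an ACME directory, not a proxy or block page."""
    try:
        doc = json.loads(body)
    except ValueError:
        return False
    return isinstance(doc, dict) and REQUIRED_KEYS.issubset(doc)

def acme_reachable(url=ACME_DIRECTORY, timeout=10.0):
    """Fetch the directory over HTTPS; TLS, HTTP and socket errors all fail."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return directory_ok(resp.read())
    except OSError:
        return False

if __name__ == "__main__":
    names = sys.argv[1:] or ["barracuda.yourdomain.com"]  # page's sample name
    checks = {f"{n}:80": tcp_reachable(n)[0] for n in names}
    checks["acme-directory"] = acme_reachable()
    for label, ok in checks.items():
        print("PASS" if ok else "FAIL", label)
    sys.exit(0 if all(checks.values()) else 1)
```

Pass the Common Name and every SAN as arguments so that each name on the certificate is checked.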
To generate the certificate from Let’s Encrypt CA:
- Navigate to BASIC > Certificates and then click the Let’s Encrypt button in the Certificate Generation section. The Get Certificate from Let's Encrypt dialog box opens.
- Specify values for the following fields:
  - Certificate Name - Enter a name to identify this certificate.
  - Key Type - Select Key Type as RSA.
  - Common Name - Enter the domain name (DN) of the web server for which you want to generate the certificate. For example: "barracuda.domain.com".
  - Subject Alternative Names (SAN) - Enter the Subject Alternative Names (SANs) that need to be associated with the certificate. Select the DNS attribute from the drop-down list and provide the appropriate value. For DNS, specify the DNS domain name. Example: barracuda.yourdomain.com
  - Services - Click the drop-down list and then select the service on which this domain is listening. HTTP and HTTPS services that have a redirect service are listed here.
  - Renew Automatically - Select Yes if you want the signed certificates to be renewed automatically after the validity period. Click the drop-down list and select the number of days after which you want the certificate to be renewed.
- Click Generate Certificate. You can view the created certificate in the Saved Certificates section.