Let’s Encrypt is a certificate authority that provides free signed certificates that are valid for 90 days. The certificates are accepted by most of the browsers.
The Barracuda WAF provides integration with Let’s Encrypt to generate, sign, install, and renew certificates for their domains running on the Barracuda Web Application Firewall.
Generating a Let’s Encrypt Certificate
Before You Begin
- Create an HTTP service and ensure if the service is in the ACTIVE mode.
- The domain is accessible publically on port 80. Also, ensure that this domain is accessible to the HTTP service created in step 1.
- Configure content rule.
To generate the certificate from Let’s Encrypt CA:
- Click the Let’s Encrypt button. The Certificate Generation window appears.
- Specify values for the following fields:
- Certificate Name - Enter a name to identify this certificate.
- Select Key Type as RSA
- Common Name - Enter the domain name (DN) of the web server for which you want to generate the certificate. For example: "barracuda.domain.com".
- Subject Alternative Names (SAN) - Enter Subject Alternative Names (SAN) that needs to be associated with the certificate. Select DNS attribute from the drop-down list, and provide the appropriate value. For example: For DNS , the DNS domain name is specified. Example : barracuda.yourdomain.com
- Country Code (2 characters) - Enter the two-letter country code of the location of the organization.
- State or Province - Enter the full name of the state or province of the location of the organization.
- Locality (City) - Enter the full name of the locality (city) where the organization is located.
- Organization (Company) Name - Enter the legally registered name of the organization or company.
- Renew Automatically - Select Yes if you want the signed certificates to get automatically renewed after the validity period. Click the dropdown list and select the number of days after which you want the certificate to be renewed.
Allow Private Key Export - Set Yes to export the private key corresponding to the certificate. Certificates are downloaded in PKCS #12 format which includes the private key and certificate. If set to No, the private key is locked and the certificate can be download only in PEM format. Also, note that the backup of the system configuration will not include the private key of the certificate.
Click Generate Certificate. You can view the created certificate in the Saved Certificates section.