This solution applies to all Barracuda Web Application Firewalls.
You will receive the error "private key cannot be exported" on your Barracuda Web Application Firewall if you imported the certificate and key, checked the Disallow private key export under Basic > Certificates, and attempted to create a backup.
Disallow private key export is explained as: Selecting this option will lock the private key corresponding to this certificate. Normally certificates are downloaded in pkcs12 format which includes the private key and certificate. When a key is locked, you can only download the certificate in PEM format. Also, you cannot take a backup when private key is locked.
To correct this issue so you can create a backup, please follow these steps:
- Import the certificate to the Barracuda Web Application Firewall again and do not check Disallow private key export. This will make the certificate and the private key exportable.
- Once done, go to Basic > Service > Edit and bind the service with the new certificate.
- Then delete the key which is not being used (i.e. the one that could not be exported).
You will now be able to create a backup.
Link to this page: