It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Web Application Firewall

Why does the password that I assigned while exporting the certificate from the Barracuda not work in Windows?

  • Type: Knowledgebase
  • Date changed: 3 years ago
Solution #00007815

Scope: Barracuda WAF ? Firmware versions 7.9 and above
Barracuda Load Balancer ADC ? Firmware versions 5.2 and above


The Barracuda, on latest firmware, employ SHA2 as the signing algorithm for certificates.

SHA256 is also used to generate the MAC for the password protected PFX container which is downloaded when you download the certificate in a PKCS12 format, from the Barracuda.


Microsoft Windows is unable to extract certificates when the password MAC for the PFX container, is created using the SHA2 algorithm.

So, you will get an ?incorrect password? error, even when putting in the correct password.


The solution here will be to use ?OpenSSL? to extract the certificate and private key from the file downloaded from the Barracuda and then recombine them using OpenSSL to form a PFX which is signed using SHA1, which Windows will be able to handle.


The steps:


1.    Download the PFX from the Barracuda.

2.    Move the file to a location where a host running OpenSSL can access it. (You can download OpenSSL for Windows from[2]

3.    Execute openssl pkcs12 -in file.pfx -nocerts -nodes -out key.pem

4.    Execute openssl pkcs12 -in file.pfx -nokeys -nodes -out cert.pem

5.    Execute openssl pkcs12 -export -out final.pfx -inkey key.pem -in cert.pem


Steps 3 and 4 are for extracting the private key and certificate, respectively, and step 5 is to recombine them and generate final.pfx which can then be installed in a Windows environment.


Please note that you will need to supply passwords, to extract the private key and the certificate and will be prompted to assign one when combining the files back to form a PFX file.

Link to This Page: