The Barracuda, on latest firmware, employ SHA2 as the signing algorithm for certificates.
SHA256 is also used to generate the MAC for the password protected PFX container which is downloaded when you download the certificate in a PKCS12 format, from the Barracuda.
Microsoft Windows is unable to extract certificates when the password MAC for the PFX container, is created using the SHA2 algorithm.
So, you will get an “incorrect password” error, even when putting in the correct password.
The solution here will be to use “OpenSSL” to extract the certificate and private key from the file downloaded from the Barracuda and then recombine them using OpenSSL to form a PFX which is signed using SHA1, which Windows will be able to handle.
The steps:
1. Download the PFX from the Barracuda.
2. Move the file to a location where a host running OpenSSL can access it. (You can download OpenSSL for Windows from[2]https://slproweb.com/products/Win32OpenSSL.html
3. Execute openssl pkcs12 -in file.pfx -nocerts -nodes -out key.pem
4. Execute openssl pkcs12 -in file.pfx -nokeys -nodes -out cert.pem
5. Execute openssl pkcs12 -export -out final.pfx -inkey key.pem -in cert.pem
Steps 3 and 4 are for extracting the private key and certificate, respectively, and step 5 is to recombine them and generate final.pfx which can then be installed in a Windows environment.
Please note that you will need to supply passwords, to extract the private key and the certificate and will be prompted to assign one when combining the files back to form a PFX file.