We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Web Application Firewall

Why does the password that I assigned while exporting the certificate from the Barracuda not work in Windows?

  • Type: Knowledgebase
  • Date changed: one year ago
Solution #00007815

Scope: Barracuda WAF – Firmware versions 7.9 and above
Barracuda Load Balancer ADC – Firmware versions 5.2 and above

Answer:

The Barracuda, on latest firmware, employ SHA2 as the signing algorithm for certificates.

SHA256 is also used to generate the MAC for the password protected PFX container which is downloaded when you download the certificate in a PKCS12 format, from the Barracuda.

 

Microsoft Windows is unable to extract certificates when the password MAC for the PFX container, is created using the SHA2 algorithm.

So, you will get an “incorrect password” error, even when putting in the correct password.

 

The solution here will be to use “OpenSSL” to extract the certificate and private key from the file downloaded from the Barracuda and then recombine them using OpenSSL to form a PFX which is signed using SHA1, which Windows will be able to handle.

 

The steps:

 

1.    Download the PFX from the Barracuda.

2.    Move the file to a location where a host running OpenSSL can access it. (You can download OpenSSL for Windows from[2]https://slproweb.com/products/Win32OpenSSL.html

3.    Execute openssl pkcs12 -in file.pfx -nocerts -nodes -out key.pem

4.    Execute openssl pkcs12 -in file.pfx -nokeys -nodes -out cert.pem

5.    Execute openssl pkcs12 -export -out final.pfx -inkey key.pem -in cert.pem

 

Steps 3 and 4 are for extracting the private key and certificate, respectively, and step 5 is to recombine them and generate final.pfx which can then be installed in a Windows environment.

 

Please note that you will need to supply passwords, to extract the private key and the certificate and will be prompted to assign one when combining the files back to form a PFX file.





Link to This Page: 
http://www.barracuda.com/kb?id=