Barracuda Icon
Chat
Live Chat

Hi, I'm Rosa.
How may I help you?

How may I help you?

Click below to send us a Message

Support

A global support network of experts.
At your service.

Back to Knowledgebase

How do I set up secure administration using SSL/TLS on my Barracuda Networks product?

Solution #00001327

Scope:
This solution applies to all Barracuda Networks products, all firmware versions.

Answer:
Setting up secure administration over SSL/TLS on any Barracuda Networks product is done on the Advanced > SSL or Advanced > Secure Administration page of the Barracuda's Web user interface. While you can specify the Default (Barracuda Networks) certificate for your SSL/TLS connections, this will prompt users and administrators with a domain mismatch error because the certificate's domain is barracudanetworks.com (and your Barracuda Networks product's hostname and domain, configured near the bottom of the Basic > IP Configuration page, will not match barracudanetworks.com when configured correctly). For the Barracuda Spam Firewall, similar messages may appear when users attempt to action their quarantine items from their quarantine notification emails (see Solution #00000954).

To generate a CSR (Certificate Signing Request) from your Barracuda Networks product, navigate to the Advanced > SSL or Advanced > Secure Administration page and follow these steps:

  1. Fill in all of your organization's information on the Certificate Generation section of the page. The Common Name field should match your Barracuda unit's hostname (configured near the bottom of the Basic > IP Configuration page) exactly.
  2. Click the Save Changes button.
  3. Click the Download button next to Download Certificate Signing Request (CSR) to download a copy of the CSR the Barracuda Networks has now generated.
Send the CSR to a Certificate Authority (like VeriSign, for example) to have an SSL/TLS certificate generated and signed based on the CSR you have submitted. Ask for an X.509 (or Apache) certificate in PEM format. Once you have received the certificate from the Certificate Authority, you should confirm it is in the right format so that it may be uploaded to the Barracuda unit.

To do this, open the file with Notepad or some other simple text editor (not Microsoft Word). You should see the certificate between the Begin Certificate and End Certificate markers, like this:

-----BEGIN CERTIFICATE-----
(the signed certificate, several lines of indecipherable text with no spaces)
-----END CERTIFICATE-----

Once you have verified that it looks correct, upload it to the Barracuda unit using the Upload Signed Certificate option near the bottom of the the Advanced > SSL or Advanced > Secure Administration page of the Barracuda's web interface. To begin using the certificate you've uploaded, select Trusted (Signed by a trusted CA) as the Certificate Type after uploading the certificate, and click Save Changes.

Additional Notes:
If you are unable to upload your signed certificate to your Barracuda product, you may need to include one or more intermediate certificates in the file you are uploading. If needed, these should be provided to you by the organization that signed your certificate. If you have your main certificate alongside one or more intermediate certificates, you should use Notepad or some other simple text editor (not Microsoft Word) to combine them into a single file (copying and pasting the intermediate certificate(s) into the main certificate file should be fine). The order of the certificates doesn't matter, and the file should look like this when you're finished:

-----BEGIN CERTIFICATE-----
(the signed certificate, several lines of indecipherable text with no spaces)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(the intermediate certificate, several lines of indecipherable text with no spaces)
-----END CERTIFICATE-----

Once this is done, save the new, combined certificate file and upload to the Barracuda using the Upload Signed Certificate option as described above.

For instructions on uploading a wildcard certificate, see Solution #00000990.

Link to This Page:
http://www.barracuda.com/kb?id=50160000000GQCr