Generate a Certificate Signing Request (CSR) -
Barracuda Networks
Setting up secure administration over SSL/TLS on any Barracuda Networks product is done on the Advanced > SSL or Advanced > Secure Administration page of the Barracuda's Web user interface. While you can specify the Default (Barracuda Networks) certificate for your SSL/TLS connections, this will prompt users and administrators with a domain mismatch error because the certificate's domain is barracudanetworks.com (and your Barracuda Networks product's hostname and domain, configured near the bottom of the Basic > IP Configuration page, will not match barracudanetworks.com when configured correctly).
To generate a CSR (Certificate Signing Request) from your Barracuda Networks product, navigate to the Advanced > SSL or Advanced > Secure Administration page and follow these steps:
- Fill in all of your organization's information on the Certificate Generation section of the page. The Common Name field should match your Barracuda unit's hostname (configured near the bottom of the Basic > IP Configuration page) exactly.
- Click the Save Changes button.
- Click the Download button next to Download Certificate Signing Request (CSR) to download a copy of the CSR the Barracuda Networks has now generated.
Send the CSR to a Certificate Authority (like VeriSign, for example) to have an SSL/TLS certificate generated and signed based on the CSR you have submitted. Ask for an X.509 (or Apache) certificate in PEM format. Once you have received the certificate from the Certificate Authority, you should confirm it is in the right format so that it may be uploaded to the Barracuda unit.
To do this, open the file with Notepad or some other simple text editor (not Microsoft Word). You should see the certificate between the Begin Certificate and End Certificate markers, like this:
-----BEGIN CERTIFICATE-----
(the signed certificate, several lines of indecipherable text with no spaces)
-----END CERTIFICATE-----
Once you have verified that it looks correct, upload it to the Barracuda unit using the Upload Signed Certificate option near the bottom of the the Advanced > SSL or Advanced > Secure Administration page of the Barracuda's web interface. To begin using the certificate you've uploaded, select Trusted (Signed by a trusted CA) as the Certificate Type after uploading the certificate, and click Save Changes.
Additional Notes:
If you are unable to upload your signed certificate to your Barracuda product, you may need to include one or more intermediate certificates in the file you are uploading. If needed, these should be provided to you by the organization that signed your certificate. If you have your main certificate alongside one or more intermediate certificates, you should use Notepad or some other simple text editor (not Microsoft Word) to combine them into a single file (copying and pasting the intermediate certificate(s) into the main certificate file should be fine). The order of the certificates doesn't matter, and the file should look like this when you're finished:
-----BEGIN CERTIFICATE-----
(the signed certificate, several lines of indecipherable text with no spaces)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(the intermediate certificate, several lines of indecipherable text with no spaces)
-----END CERTIFICATE-----
Once this is done, save the new, combined certificate file and upload to the Barracuda using the Upload Signed Certificate option as described above
SSL Certificate Support
- SSL Certificate Support
- SSL Certificate FAQ
- EV SSL Overview
- EV SSL Requirements
- How To Create A CSR
- MS Exchange Server 2007 CSR
- MS Exchange Server 2010 CSR
- MS Exchange Server 2013 CSR
- MS SBS Server 2008 CSR
- MS Windows 2003 - IIS 6 CSR
- MS Windows 2008 - IIS 7 CSR
- MS Windows 2012 - IIS 8 CSR
- Outlook Web Access CSR
- Apache SSL CSR
- Cisco ACS 3.2 CSR
- IBM Websphere MQ CSR
- IBM HTTP Server CSR
- Lotus Domino 7.0 CSR
- Lotus Domino 8.0 CSR
- Covalent Apache ERS 2.4 CSR
- Covalent Apache ERS 3.0 CSR
- F5 BIG-IP CSR
- F5 Firepass CSR
- Mirapoint Message Server CSR
- Nortel SSL Accelerator CSR
- Oracle Wallet Manager CSR
- BEA WebLogic 6.0 CSR
- BEA WebLogic 8.1 CSR
- BEA WebLogic 10.1 CSR
- Barracuda Networks CSR
- SonicWALL SSL CSR
- cPanel WHM CSR
- Paralells Plesk Panel CSR