Friday, August 23, 2013

Adding a SSL Cert to a Barracuda Device

This week has been a fun one as I've been trying to get a number of SSL certificates renewed and deployed to our servers (I thought having them all renew at the same time would be efficient, ended up being a big pain)

We needed to get a SSL cert on our Barracuda Spam Firewall so we could get TLS encryption enabled. I found that adding the Cert was a bit more difficult to do as the documentation provided by barracuda provided. The key to being able to add a Trusted Cert to a Barracuda was having the cert in the PEM file format, something that I had not done before.

We have our certs stored as a PFX file with its private and public key stored with an encrypted password to protect it. As the Barracuda would not take a PFX file, I had to convert it from a PFX file to PEM files, one for public and one for private keys.

  1. To separate the certificate I used OpenSSL to do it. Download OpenSSL and install it.
  2. To Extract the private key from the PFX file:
    openssl.exe pkcs12 -in SSLCert.pfx -nocerts -out privateKey.pem
  3. To Extract the public key from the PFX file:
    openssl.exe pkcs12 -in SSLCert.pfx -clcerts -nokeys -out publicCert.pem
  4. To remove the password from the private key file:openssl.exe rsa -in privateKey.pem -out private.pem 
 To add the cert to the Barracuda, log into device and go to Advanced / Secure Administration.


  1. Change the SSL Certificate Configuration to Trusted
  2. For Upload Trusted Certificate: Set the certificate to publicCert.pem
  3. Set the Certificate Password - if you set one.
  4. For Private Key: Set the certificate to private.pem
  5. If there is a Intermediate Certificate, set the Certificate Chain Bundle to the intermediate certificate.
  6. Press Upload Certificate Information and then Save Changes