I was setting up an SSL certificate for secure administration on a Barracuda Networks Load Balancer appliance. Normally Barracuda’s products are very easy to everything, but the Secure Administration certificate install was a bit of a head scratcher. The documentation on their support site seems to miss out a key step of the install, it does mention it on the web interface under the “Private (self-signed)” section but it is not very clear.
So if you want your own certificate or just stick with the default certificate these instructions are not for you. But if you want to have a valid certificate from a third-party CA, you should follow these instructions:
1. Logon to the web interface and then click on “Advanced” and then “Secure Administration”.
2. Now you need to select “Private (self-signed)” (this is the first weird bit, surely you’d do it all under the trusted one?)
3. Enter all your organisation information in the boxes. Paying special attention to the “Common Name” field. Once all the details are in click on “Save Changes”.
4. Now click back on “Secure Administration” then select “Private (self-signed)” now at the bottom you should see two buttons for “Private Key” and “Private Root Certificate” click both and download the keys and keep them safe you’ll need them in a bit.
5. Now click on “Trusted (Signed by a trusted CA)” from the dropdown box, click on “Edit Data” next to the CSR and fill out the details EXACTLY as you did before.
6. Once done click the “Download” button next to the “Edit Data” button for the CSR. Then take the CSR file you got and send it to your CA to get a certificate issued. You need to ask for an Apache certificate in PEM format. More details about this can be found on the Barracuda support site.
7. Once you have your certificate back from the CA, you need to import it.
8. Logon to the web interface and then click on “Advanced” and then “Secure Administration”.
9. Select the “Trusted (Signed by a trusted CA)” from the drop down, then upload the certificates:
10. In my case I got a CRT file with the certificate in it from my CA, firstly click on the PEM certificate type radio button.
11. Now for the certificate upload, click on “Browse” next to “Certificate Authority” box and pick the CRT file you go from your CA.
12. Next click on “Browse” next to the “Private Key” box and pick the private key file you exported earlier.
13. Click the “Upload Certificate Information” and you should have the certificate uploaded. You’ll need to log out possibly for the certificate to take effect. Now the next time you go to the secure administration page you can do so without the certificate errors.(note: if you get an error about your certificate not being valid, you may need to combine an intermediate certificate with the main certificate, more instructions for this can be found here: https://www.barracuda.com/support/knowledgebase/50160000000GQCrAAO)