bg-tutorials

How to Install an SSL Certificate on Barracuda SSL VPN

This guide gives you step-by-step instructions on how to install an SSL certificate on Barracuda SSL VPN.

Important product note: the standalone Barracuda SSL VPN appliance (BVS) reached End-of-Life and End-of-Support on December 1, 2020. Barracuda no longer ships firmware, security patches, or hotfixes for it. The steps below still apply to existing appliances that are running, but if you are deploying remote access today, move to a supported product instead of buying or extending an SSL VPN. See Is Barracuda SSL VPN still supported? below for the migration path.

Generate a CSR code on Barracuda SSL VPN

If you have already generated the CSR code and received your SSL certificate by email, feel free to skip the first part and jump straight to the installation instructions.

CSR stands for Certificate Signing Request, a block of encoded text that contains your contact details and the domain you want to secure. You send the CSR to your Certificate Authority (CA) during the order so it can validate your request and issue the certificate. When you create the CSR, you also generate the matching private key, which you will need during installation.

You have two options:

Copy your CSR code into a plain-text editor such as Notepad, and include the BEGIN header and END footer lines. Save your private key in the same way and keep it in a safe location, because you cannot reissue or install the certificate without it.

Submit the CSR to your CA and wait for your certificate files to arrive. CAs usually send the files in a ZIP archive by email. Once the CA validates the request and issues your certificate, continue with the installation below.

Install an SSL certificate on Barracuda SSL VPN

After you receive the certificate files from your CA, you can install them through the Barracuda SSL VPN web interface. Make sure you have the following files:

  • Your primary server SSL certificate.
  • Your intermediate CA certificate.
  • Your root CA certificate.

You will find these in the ZIP archive the CA sent you. Extract its contents and, if the files are combined, copy each certificate into a separate .crt file using a plain-text editor such as Notepad. Then follow these steps:

  1. Log in to your Barracuda SSL VPN web interface.
  2. At the top of the page, click Basic, then SSL Certificate.
  3. In the SSL Certificate Configuration pane, next to Certificate Type, select Trusted (Signed by a trusted CA) from the drop-down list.
  4. In the Trusted (Signed by a trusted CA) pane, upload your certificate files one at a time using the Add File browse buttons:
    • Click Browse next to Add File and upload your root certificate file.
    • Repeat the action and upload your intermediate certificate file.
    • Click Browse again and upload your server certificate file.
  5. Check the status of each uploaded file. It should read OK. Then click Use.
  6. Go to the Synchronize SSL Certificate section and click Synchronize to apply the certificate to the appliance.

Well done. You have successfully installed an SSL certificate on the Barracuda SSL VPN web interface.

Test your SSL installation

After you install the certificate, run an SSL scan against your appliance’s public hostname to check the configuration for errors and missing intermediates. A scan confirms that the certificate is served correctly and that the chain is complete, which is the most common cause of trust warnings. For more details, use our SSL Checker to test your SSL certificate.

Is Barracuda SSL VPN still supported?

No. Barracuda discontinued the standalone Barracuda SSL VPN (BVS) product line. It reached End-of-Life and End-of-Support on December 1, 2020. After that date Barracuda stopped releasing bug fixes, security fixes, firmware updates, and hotfixes for it. An existing appliance with an active subscription will keep running, but it no longer receives security patches, so it should not be relied on for new deployments.

For remote access on a current, supported platform, Barracuda points customers to its CloudGen Firewall series, which provides client-to-site and SSL VPN remote access and is available as a hardware, virtual, or cloud appliance. For a modern Zero Trust Network Access (ZTNA) approach that replaces traditional VPN access, Barracuda offers SecureEdge and CloudGen Access. If you are still running the legacy SSL VPN, plan a migration to one of these rather than reissuing certificates indefinitely on an end-of-life appliance.

The certificate steps above remain valid for an appliance that is still in service, so you can renew the existing certificate while you plan the move.

Frequently Asked Questions

Is the Barracuda SSL VPN still sold and supported?

No. The standalone Barracuda SSL VPN (BVS) reached End-of-Life and End-of-Support on December 1, 2020. Barracuda no longer provides firmware updates, security fixes, or hotfixes for it. Existing appliances with an active subscription continue to function, but for new remote-access deployments Barracuda recommends its CloudGen Firewall series, or SecureEdge / CloudGen Access for Zero Trust Network Access.

Where do I install the SSL certificate on Barracuda SSL VPN?

Log in to the web interface and go to Basic > SSL Certificate. Set Certificate Type to Trusted (Signed by a trusted CA), then upload your root, intermediate, and server certificate files with the Add File browse buttons. After each file shows a status of OK, click Use.

Why do I have to synchronize the SSL certificate?

Uploading and clicking Use stages the certificate, but it is not active until you apply it. Open the Synchronize SSL Certificate section and click Synchronize. This step pushes the new certificate into service so the appliance presents it to connecting clients.

Do I need to upload the intermediate and root certificates?

Yes. A missing intermediate certificate is the most common cause of “untrusted certificate” warnings. Upload all three files (root, intermediate, and your server certificate) in the Trusted (Signed by a trusted CA) pane so the appliance presents a complete chain that browsers and VPN clients trust.

What file format does Barracuda SSL VPN expect for the certificates?

Upload each certificate as a separate PEM-encoded .crt file. If your CA delivered the chain as a single bundle, open it in a plain-text editor and split it so the root, intermediate, and server certificates are each in their own file before uploading.

Save 10% on SSL Certificates when ordering from SSL Dragon today!

Fast issuance, strong encryption, 99.99% browser trust, dedicated support, and 25-day money-back guarantee. Coupon code: SAVE10

A detailed image of a dragon in flight
Written by

I've been writing for SSL Dragon for over 10 years, focusing entirely on SSL certificates and digital security. My job is to take complex cybersecurity topics and strip away the jargon, making sure you get the clear, practical information you need to keep your website safe.