I decided to write a blog post about how to add a wildcard certificate to a Barracuda load balancer because there is zero documentation online on how to do this. Hopefully by doing this I will save some poor network admin hours of Google searching or having to talk to Barracuda tech support. In this blog post, I am assuming you have already purchased a wildcard certificate from GoDaddy.
The first thing you need to do is log on to your Barracuda. Navigate to Basic > Certificates and click “Create Certificate.” This will generate your CSR, which you need to upload to GoDaddy.
Fill out all of the fields and click “Generate Certificate” (Make sure the Key Size is 2048 and also make sure the CSR doesn’t expire before the certificate does.)
Once you have generated the CSR, click the CSR link under Download for the certificate that you’ve just created. This will download the CSR to your computer.
Open the downloaded file in a text editor and copy the text to your clipboard. It should look something like this:
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----
Log into the GoDaddy account. Once you are logged in, click the black “My Account” button, expand “SSL Certificates” and click “Launch.”
Click “Re-Key” and paste in the CSR code generated from before. After you have pasted the key, click the black “Re-Key” button and the window will disappear. On the certificate page, choose “Other” and click “Download.”
Extract the zip file to a folder.
Go back to the Barracuda and download the generated certificate (Basic > Certificates > Certificate).
On the save token page, enter a secure password, click Save and store the file somewhere on your computer. You will need this password later.
We need to convert this new .pfx file, which contains the private key, to .pem format. If you already have OpenSSL on your machine, you may skip the installation step below.
Go to http://slproweb.com/products/Win32OpenSSL.html and download the latest Win32 OpenSSL Light. Install it on your machine and add the directory to your Path environment variable. (Click “Start” > right-click “My Computer” and click “Properties” > click “Advanced System Settings” > click “Environment Variables” > under “System Variables” scroll down to “Path” and double-click > go to the end of the “Variable value” and add the path of your OpenSSL installation, e.g. C:\OpenSSL-Win32\bin, and hit OK, OK, OK.)
We need to convert the PFX to a PEM in order for the Barracuda to read the file. Open your command prompt, change directories to the location of the .pfx file and run this command:
openssl pkcs12 -in certificate_name.pfx -out certificate.cer -nodes
Where certificate_name is the name of the .pfx file you downloaded from the Barracuda.
Enter the password you used to download the file and hit Enter. There will now be a file called “certificate.cer” in the directory with the PFX file. Because of -nodes, the private key in this file is not encrypted.
Open certificate.cer with a text editor. Look for the line that says “-----BEGIN PRIVATE KEY-----” and copy all the way to the line that says “-----END PRIVATE KEY-----”. Open a new Notepad window and paste the contents that you just copied. You should have something that looks like this:
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
Save the file as private.txt.
Open a new Notepad window and paste the same content you did for private.txt, except this time we are going to add to the end of the file the text from the .crt file we downloaded from GoDaddy. In my case it was domain.net.crt. The new text file should look something like this:
-----BEGIN RSA PRIVATE KEY-----
(the private key, several lines of indecipherable text with no spaces)
-----END RSA PRIVATE KEY-----
(the signed certificate, several lines of indecipherable text with no spaces)
Save the file as your domain underscore TLD dot pem. So for me it would be domain_net.pem.
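The copy-and-paste steps above can also be scripted. The following Python is an added example, not part of the original post and not Barracuda or GoDaddy code: it pulls the private key out of the text that openssl pkcs12 wrote to certificate.cer, appends the signed certificate from the GoDaddy .crt file, and refuses to continue if the key is still encrypted. The function names and the sample input are assumptions made for illustration; the sample bodies are constructed placeholders, not real key material.

```python
import os
import re

# One PEM block; the back-reference forces the BEGIN and END labels to agree.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL)
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY"}

def pem_blocks(text):
    """Return (label, block) pairs; 'Bag Attributes' lines between blocks are dropped."""
    blocks = []
    for m in PEM_BLOCK.finditer(text):
        label = m.group(1)
        body = "\n".join(line.strip() for line in m.group(2).splitlines())
        blocks.append((label, f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"))
    return blocks

def build_upload_files(pkcs12_text, signed_crt_text):
    """Return (private_txt, combined_pem): the key alone, and key + signed certificate."""
    exported = pem_blocks(pkcs12_text)
    if any(label == "ENCRYPTED PRIVATE KEY" for label, _ in exported):
        raise ValueError("key is still encrypted; rerun openssl pkcs12 with -nodes")
    keys = [block for label, block in exported if label in KEY_LABELS]
    certs = [block for label, block in pem_blocks(signed_crt_text) if label == "CERTIFICATE"]
    if len(keys) != 1:
        raise ValueError(f"expected exactly one private key, found {len(keys)}")
    if len(certs) != 1:
        raise ValueError(f"expected exactly one signed certificate, found {len(certs)}")
    return keys[0], keys[0] + certs[0]

def write_owner_only(path, text):
    """Write key material readable by the current user only (mode is advisory on Windows)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", newline="\n") as handle:
        handle.write(text)

# Constructed sample input: placeholder bodies, not real key material.
SAMPLE_PKCS12_OUT = (
    "Bag Attributes\n    localKeyID: 01 00 00 00\nKey Attributes: <No Attributes>\n"
    "-----BEGIN PRIVATE KEY-----\nAAAAKEYPLACEHOLDER\nBBBBKEYPLACEHOLDER\n-----END PRIVATE KEY-----\n"
    "Bag Attributes\n    localKeyID: 01 00 00 00\nsubject=/CN=*.domain.net\n"
    "-----BEGIN CERTIFICATE-----\nCCCCOLDCERTPLACEHOLDER\n-----END CERTIFICATE-----\n")
SAMPLE_SIGNED_CRT = "-----BEGIN CERTIFICATE-----\r\nDDDDSIGNEDCERTPLACEHOLDER\r\n-----END CERTIFICATE-----\r\n"

if __name__ == "__main__":
    private_txt, combined_pem = build_upload_files(SAMPLE_PKCS12_OUT, SAMPLE_SIGNED_CRT)
    write_owner_only("private.txt", private_txt)
    write_owner_only("domain_net.pem", combined_pem)
```

With real files, read certificate.cer and the GoDaddy .crt as text and pass their contents to build_upload_files in place of the two sample strings.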
Now open up the Barracuda web interface, go to the certificates page (Basic > Certificates) and upload the certificate to the load balancer.
Certificate Name: Give it a name
Certificate Key: Private.txt
Signed Certificate: PEM file with both the RSA Private Key + Domain Certificate
Intermediate Certificate (click the + button to show): GoDaddy bundle included in the ZIP file downloaded from GoDaddy (gd_bundle.crt)
That’s it! Now go to your services page and apply the certificate to a service that uses SSL, like HTTPS. You can then check that you did everything correctly by going to http://www.sslshopper.com/ssl-checker.html