User's guide
Certificate Requirements
Step 1. Create the Required Certificates
Example iOS Certificate Settings
Root Certificate
Server Certificate
Client Certificate
Step 2. Import Certificates into the Barracuda Firewall
Step 3. Add the VPN Connection on the iOS Device
Next Step
Certificate Requirements
Because certificate-based authentication is required, you must have three types of X.509 certificates that come with a valid chain of trust. The
following table lists the required X.509 certificates, their settings, and where they must be installed:
| X.509 Certificate Type | Where to Install | File Type | Chain of Trust | X.509 Extensions and Values |
| --- | --- | --- | --- | --- |
| Root Certificate | Barracuda Firewall & Apple iOS Device | PEM | Trust Anchor | Mandatory option for key usage: Certificate sign; CRL sign. |
| Server Certificate | Barracuda Firewall | PKCS12 | End Instance | Key Usage – Include the "Digital Signature" flag. Subject Alternative Name – DNS hostname. Examples: DNS:vpn.yourdomain.com. Note: The hostname must be DNS resolvable. |
| Client Certificate | Apple iOS Device | PKCS12 | End Instance | Key Usage – Include the "Digital Signature" flag. |
If CA-signed X.509 certificates are not available, you can use self-signed certificates instead. These certificates must also have a valid chain of
trust. Typically, X.509 certificates are created through a Public Key Infrastructure (PKI) that allows creating, signing, or revoking certificates.
Examples include Microsoft's PKI with Active Directory, and XCA - X Certificate and key management.
Step 1. Create the Required Certificates
Create the required certificates. If you want to create the certificates with XCA, see How to Create Certificates with XCA.
If you have problems with your certificates, compare your settings with the following example certificate settings. In particular, verify the X509 Basic Constraints and X509v3 Key Usage settings.
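The comparison against the requirements table can also be scripted. The following is an added example, not part of the original guide: it parses the extension section of `openssl x509 -noout -text` output and reports which of the table's requirements a certificate misses. Using OpenSSL for the dump is an assumption (the guide itself refers to XCA), and the function names and sample certificates are constructed for illustration.

```python
# Key Usage flags the requirements table makes mandatory, per certificate role.
REQUIRED_KEY_USAGE = {"root": {"Certificate Sign", "CRL Sign"},
                      "server": {"Digital Signature"}, "client": {"Digital Signature"}}

# Constructed samples: extension section as printed by `openssl x509 -noout -text`.
ROOT_SAMPLE = """\
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Digital Signature, Certificate Sign, CRL Sign
"""
SERVER_SAMPLE = """\
        X509v3 extensions:
            X509v3 Key Usage:
                Key Encipherment, Key Agreement
    Signature Algorithm: sha256WithRSAEncryption
"""

def parse_extensions(text):
    """Map each extension name to its list of values, using the dump's indentation."""
    exts, name, base = {}, None, None
    for line in text.splitlines():
        item, indent = line.strip(), len(line) - len(line.lstrip())
        if item == "X509v3 extensions:":
            base = indent
        elif base is None or not item:
            continue  # not inside the extensions block yet, or a blank line
        elif indent <= base:
            break  # left the extensions block
        elif indent == base + 4:
            name = item.split(":")[0]  # drops a trailing "critical" marker
            exts[name] = []
        elif name:
            exts[name] += [v.strip() for v in item.split(",")]
    return exts

def check(text, role):
    """Return findings for role 'root', 'server' or 'client'; empty means compliant."""
    exts = parse_extensions(text)
    usage = set(exts.get("X509v3 Key Usage", []))
    findings = [f"Key Usage lacks '{flag}'"
                for flag in sorted(REQUIRED_KEY_USAGE[role] - usage)]
    if role == "root" and "CA:TRUE" not in exts.get("X509v3 Basic Constraints", []):
        findings.append("Basic Constraints is not CA:TRUE")
    san = exts.get("X509v3 Subject Alternative Name", [])
    if role == "server" and not any(v.startswith("DNS:") for v in san):
        findings.append("Subject Alternative Name has no DNS hostname")
    return findings
```

To check a real certificate, pass the text printed by `openssl x509 -noout -text -in <certificate file>` to check() together with the certificate's role.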
Example iOS Certificate Settings
Root Certificate
| Tab | Setting | Value |
| --- | --- | --- |
| Status | Signature Algorithm | sha1WithRSAEncryption |
| Subject | RFC 2253 | emailAddress=support@barracuda.com,OU=documentation,O=Barracuda Networks,L=Innsbruck,ST=Tirol,C=AT |
| | Hash | 7b6d2374 |
| Extensions | X509v3 Basic Constraints | CA:TRUE |
| | X509v3 Key Usage | Digital Signature, Key Agreement, Certificate Sign |