Generate a CSR Using OpenSSL or the DigiCert Certificate Management Utility

For many versions of Barracuda SSL VPN devices the interface doesn't support creation of a 2048 bit certificate signing request. It does however allow you to import a private key, and certificate files that were generated using a 2048 bit CSR. Since the industry has moved towards a more secure 2048 bit CSR, this document will explain how you can create a CSR using the Open Source software OpenSSL, and also using the DigiCert Certificate Utility for Windows. If you use the Windows Utility you will then need to import the certificate files to the computer that you generate the CSR from, then export them as Apache format certificate files.

CSR Generation Using OpenSSL

    The very easiest way to create your CSR will be using the OpenSSL CSR Wizard (as seen below). Simply fill out the information, then click generate then in the right area you will be given the entire command needed to create a CSR using OpenSSL.

    OpenSSL CSR Wizard

    If you are really well versed in OpenSSL or aspire to become an OpenSSL ninja you can run your own command.

  1. Replace your_domain_com below with the Fully Qualified Domain Name (FQDN) you need to secure (e.g. barracuda.domain.com):
    openssl req -new -newkey rsa:2048 -nodes -keyout your_domain_com.key -out your_domain_com.csr When prompted for the common name, enter the FQDN you are securing (if using a wildcard use *.yourdomain.com).

    Then enter all of the organization details of your organization and enter the location of an office for the locality, state and country when prompted.

    The files for your CSR (your_domain_com.csr) and Private Key (your_domain_com.key) will then be created.

CSR Creation Using the DigiCert Utility for Windows

  1. To create the CSR on a Windows computer download and run the DigiCert Certificate Utility for Windows onto your computer.

    Note: If you get a yellow Warning sign saying the intermediate certificates are not installed properly, just ignore it. That error is meant for Microsoft Servers (e.g. IIS, Exchange, OCS, Lync, etc.) not for regular computers running Windows.

  2. Click Create CSR.

  3. Enter your organization's details into the form and click Generate to create your CSR:

    The Common Name should be the name you need secured (e.g. barracuda.domain.com)
    Subject Alternative Names are for additional names you need secured in a Unified Communications Certificate.


  4. Then you can either 'Copy the CSR' to your computer's clipboard so you can use the hotkey 'Ctrl + V' to paste it into the web browser for the ordering process or save the CSR file to your hard drive.