1.2.3.4.5.1.2.1.2.3.4.5.6.7.8.1.2.3.and managed by the Barracuda SSL VPN. The module can be used as primary or secondary authentication mechanism. The administrator has togenerate a private and public key which is then uploaded to the Barracuda SSL VPN and stored on the users USB key device or home directory.When you authenticate with a public key, the following steps are followed:The Barracuda SSL VPN generates a random ticket (certificate)The user selects the private key and enters the corresponding passphrase.The ticket is signed with the users private key and sent to the Barracuda SSL VPN.The Barracuda SSL VPN uses checks if the signed ticket is valid with its public key.If the check was successful, the user is logged in.In this article:Step 1. Create or Modify the Authentication SchemeStep 2. Configure Key Authentication SettingsStep 3. Generate KeysCreation and Distribution by AdministratorCreation by Users on LoginStep 1. Create or Modify the Authentication SchemeTo use the public key authentication create or modify the authentication scheme and add the module to thePublic Key Authenticationconfiguration. If you want users to generate their own initial public keys, the public key authentication module will query the users password toauthenticate them before generating the new keys.Step 2. Configure Key Authentication SettingsConfigure the key authentication module:Open the page.Manage System > RESOURCES > Security SettingsIn the section, configure the following settings:Key AuthenticationAllow user to create initial authentication keyEnforce Password Security PolicyStep 3. Generate KeysThere are two ways the keys can be generated:Creation and Distribution by AdministratorThe administrator can initialize the key for a user:Open the page.Manage System > ACCESS CONTROL > AccountsClick on the link for the user you want to generate the key for.MoreSelect .Generate Authentication KeyEnter the . The Administrator can require the passphrase to conform to the password security policy.PassphraseClick .GenerateDownload the zip file..Click .CloseDistribute the key stored in the zip file to the individual user. Barracuda Networks recommends using a USB key for greater security.Creation by Users on LoginThe administrator can also reset the Authentication key, forcing the user to generate a new key at the next login. The user must enter his systempassword when generating the new key.Open the page.Manage System > ACCESS CONTROL > AccountsIn the section, locate the individual user who should create the authentication key and click .Accounts MoreSelect .Reset Authentication KeyOn the next log in the user will be asked to enter his password and a new passphrase. The Barracuda SSL VPN will then generate a zip filecontaining the authentication key, which the user can download.How to Configure SSL Client Certificate AuthenticationSSL client certificates are a very secure secondary authentication method. When this feature is enabled, users can provide an SSL clientcertificate, but it is not required by the server. During users' initial login, they must install the SSL client certificate into the certificate store of the