Barracuda WAF-as-a-Service Orchestrator

The Barracuda WAF-as-a-Service (WaaS) Orchestrator integrates with the Barracuda WaaS REST API (v4) to manage and inventory the TLS certificate configured on each WaaS application endpoint. Custom certificate upload requires the WaaS account to be in isolated/container mode with a registered Customer Container Encryption Key; the corresponding RSA private key must be held by the customer. Uploaded certificate bundles are encrypted client-side using AES-256-CBC with an RSA-OAEP-SHA256 key wrap before being sent to the API.