Back to Catalog

The Barracuda WAF-as-a-Service (WaaS) Orchestrator integrates with the Barracuda WaaS REST API (v4) to manage and inventory the TLS certificate configured on each WaaS application endpoint. Two deployment modes are supported and auto-selected based on store configuration: (1) Shared-cloud (the default for standard WaaS accounts) - the orchestrator uploads plain-PEM certificate and private key to Barracuda, which encrypts them server-side. (2) Isolated/container mode (opt-in, for customers running dedicated WAF containers) - the orchestrator client-side-encrypts the private key with AES-256-CBC + RSA-OAEP-SHA256 under the customer's Container Encryption Key before upload, so Barracuda's control plane never sees plaintext key material.

View on GitHub