
You're missing something.

These aren't certificates signed by a CA that's trusted by most browsers - they're self-signed certificates (signed by the appliance) that are trusted within the organization using the Barracuda hardware by provisioning employee browsers to accept the CA.

If you were to extract the private key and use it to sign certificates elsewhere, you'd get the same warning as though you generated a random certificate and used it; the key is only useful within the organization that trusts it.



For a large enough organization, this could be enough. Would it be possible for a hacker to break in, extract the private key, cover their tracks, then create, say, a phishing website that uses the Barracuda CA? Would it show up as a self-signed certificate at any other organization, but as a trusted site within the organization?


Okay, I understood it as the CA certificate was signed by a "trusted" root CA (one already present/trusted by users' browsers). Glad to hear I'm wrong. Thanks.



