Axis Communications 212 PTZ 212 PTZ/-V - User's Manual - Page 32

AXIS 212 PTZ/-V - System Options, Setup > System Options > Security > 802.1X

Get Axis Communications 212 PTZ PDF manuals and user guides View all Axis Communications 212 PTZ manuals
Add to My Manuals
Save this manual to your list of manuals

Page 32 highlights

AXIS 212 PTZ/-V - System Options HTTPS AXIS 212 PTZ/-V supports encrypted browsing using HTTPS. A self-signed certificate can be used until a Certificate Authority-issued certificate has been obtained. Click the Create self-signed Certificate button to install a self-signed certificate. Although self-signed certificates are free and offer some protection, true security will only be implemented after the installation of a signed certificate issued by a certificate authority. A signed certificate can be obtained from an issuing Certificate Authority by clicking the Create Certificate Request button. When the signed certificate is returned, click the Install signed certificate button to import the certificate. The properties of any certificate request currently resident in the camera or installed can also be viewed by clicking the Properties... button. The HTTPS Connection Policy must also be set in the drop-down lists to enable HTTPS in the camera. For more information, please refer to the online help. 802.1x IEEE 802.1x is a standard for port-based Network Admission Control providing secure authentication of wired and wireless network devices. IEEE 802.1X is based on EAP (Extensible Authentication Protocol). To access a network protected by IEEE 802.1x, devices must authenticate themselves. The authentication is performed by a third-party entity called an authentication server, typically a RADIUS server, examples of which are FreeRADIUS and Microsoft Internet Authentication Service. In Axis' implementation, the network device and the authentication server authenticate themselves with the help of digital certificates using EAP-TLS (Extensible Authentication Protocol - Transport Layer Security). The certificates are provided by a Certification Authority (CA). You need: • a CA certificate to validate the identity of the authentication server • a CA-signed client certificate and a private key to authenticate the network device To allow the network device to access a network protected by IEEE 802.1X: 1. Obtain a CA certificate, a client certificate and a client private key (contact your network administrator). 2. Go to Setup > System Options > Security > 802.1X and upload the CA certificate, the client certificate and the client private key. 3. Under Settings, select the EAPOL version, provide your EAP identity and private key password. 4. Check the box to enable 802.1X and click Save. Certificates CA certificate - The CA certificate is used to validate the identity of the authentication server. Enter the path to the certificate directly, or locate the file using the Browse button. Then click Upload. To remove a certificate, click Remove. Client certificate and Client private key - The client certificate and private key are used to authenticate the network device. They can be uploaded as separate files or in one combined file (e.g. a PFX file or a PEM file). Use the Client private key field if uploading one combined file. For each file, enter the path to the file, or locate the file using the Browse button. Then click Upload. To remove a certificate, click Remove. Settings EAPOL version - Select the EAPOL version (1 or 2) as used in your network switch. EAP identity - Enter the user identity (maximum 16 characters) associated with your certificate. Private key password - Enter the password (maximum 16 characters) for the private key. Enable 802.1x - Check the box to enable the IEEE 802.1X protocol. 32

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
32
AXIS 212 PTZ/-V - System Options
HTTPS
AXIS 212 PTZ/-V supports encrypted browsing using HTTPS.
A
self-signed certificate
can be used until a Certificate Authority-issued certificate has been obtained. Click the
Create
self-signed Certificate
button to install a self-signed certificate. Although self-signed certificates are free and offer some
protection, true security will only be implemented after the installation of a signed certificate issued by a certificate authority.
A signed certificate can be obtained from an issuing Certificate Authority by clicking the
Create Certificate Request
button.
When the signed certificate is returned, click the
Install signed certificate
button to import the certificate. The properties of
any certificate request currently resident in the camera or installed can also be viewed by clicking the
Properties...
button. The
HTTPS Connection Policy must also be set in the drop-down lists to enable HTTPS in the camera.
For more information, please refer to the online help.
802.1x
IEEE 802.1x is a standard for port-based Network Admission Control providing secure authentication of wired and wireless
network devices. IEEE 802.1X is based on EAP (Extensible Authentication Protocol).
To access a network protected by IEEE 802.1x, devices must authenticate themselves. The authentication is performed by a
third-party entity called an authentication server, typically a RADIUS server, examples of which are FreeRADIUS and Microsoft
Internet Authentication Service.
In Axis’ implementation, the network device and the authentication server authenticate themselves with the help of digital
certificates using EAP-TLS (Extensible Authentication Protocol - Transport Layer Security). The certificates are provided by a
Certification Authority
(CA). You need:
a CA certificate to validate the identity of the authentication server
a CA-signed client certificate and a private key to authenticate the network device
To allow the network device to access a network protected by IEEE 802.1X:
1.
Obtain a CA certificate, a client certificate and a client private key (contact your network administrator).
2.
Go to
Setup > System Options > Security > 802.1X
and upload the CA certificate, the client certificate and the
client private key.
3.
Under
Settings
, select the EAPOL version, provide your EAP identity and private key password.
4.
Check the box to enable 802.1X and click
Save
.
Certificates
CA certificate
- The CA certificate is used to validate the identity of the authentication server. Enter the path to the
certificate directly, or locate the file using the
Browse
button. Then click
Upload
. To remove a certificate, click
Remove
.
Client certificate
and
Client private key
- The client certificate and private key are used to authenticate the network device.
They can be uploaded as separate files or in one combined file (e.g. a PFX file or a PEM file). Use the
Client private key
field if
uploading one combined file. For each file, enter the path to the file, or locate the file using the
Browse
button. Then click
Upload
. To remove a certificate, click
Remove
.
Settings
EAPOL version
- Select the EAPOL version (1 or 2) as used in your network switch.
EAP identity
- Enter the user identity (maximum 16 characters) associated with your certificate.
Private key password
- Enter the password (maximum 16 characters) for the private key.
Enable 802.1x
- Check the box to enable the IEEE 802.1X protocol.