Axis Communications 214 PTZ 214 PTZ - User's Manual - Page 32
Security - 802.1x, Create self-signed certificate, Create Certificate Request, Installed Certificate
View all Axis Communications 214 PTZ manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 32 highlights
AXIS 214 PTZ 32 To use HTTPS for communication with the AXIS 214 PTZ, a Certificate must be created using one of these methods: • A self-signed certificate can be created in the camera, but this does not guarantee the same level of security as an official certificate. • An official certificate issued by a CA (Certificate Authority). A CA issues and manages security credentials and public keys for message encryption. 1. Click either Create self-signed certificate or Create Certificate Request and enter the required information in the provided fields. 2. Click OK. 3. Create self-signed certificate generates and installs a certificate which will be displayed under Installed Certificate. Create Certificate Request generates a PEM formatted request which you copy and send to a CA for signing. When the signed certificate is returned, click Install signed certificate... to install the certificate in the AXIS 214 PTZ. 4. Set the HTTPS Connection Policy for the administrator, Operator and Viewer to enable HTTPS connection (set to HTTP by default). Please refer to the home page of your preferred CA for information on where to send the request. For more information, please see the online help. Security - 802.1x IEEE 802.1x is an IEEE standard for port-based Network Admission Control. It provides authentication to devices attached to a network port (wired or wireless), establishing a point-to-point connection, or, if authentication fails, preventing access on that port. 802.1x is based on EAP (Extensible Authentication Protocol). In a 802.1x enabled network switch, clients equipped with the correct software can be authenticated and allowed or denied network access at the Ethernet level. Clients and servers in an 802.1x network may need to authenticate each other by some means. In the Axis implementation this is done with the help of digital certificates provided by a Certification Authority. These are then validated by a third-party entity, such as a RADIUS server, examples of which are Free Radius and Microsoft Internet Authentication Service. To perform the authentication, the RADIUS server uses various EAP methods/protocols, of which there are many. The one used in the Axis implementation is EAP-TLS (EAP-Transport Layer Security). The AXIS network video device presents its certificate to the network switch, which in turn forwards this to the RADIUS server. The RADIUS server validates or rejects the certificate and responds to the switch, and sends its own certificate to the client for validation. The switch then allows or denies network access accordingly, on a preconfigured port. RADIUS RADIUS (Remote Authentication Dial In User Service) is an AAA (Authentication, Authorization and Accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations. CA servers In cryptography, a Certification Authority (CA) is an entity that provides signed digital certificates for use by other parties, and thus acts a trusted third party. There are many commercial CA's that charge for their services. Institutions and governments may have their own CA, and there are free CA's available.