Sony BRC-X400 Operating Instructions - Page 85

System configuration of the 802.1X, network, Setting, Client certificate

Get Sony BRC-X400 PDF manuals and user guides View all Sony BRC-X400 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 85 highlights

• When using the 802.1X authentication function, always configure the settings after setting the date and time of the camera. If the date and time are incorrect, port authentication may not be performed correctly. System configuration of the 802.1X network The following figure shows a general system configuration of an 802.1X network. Supplicant (camera) Authenticator (hub or router) Authentication server + CA Supplicant A supplicant is a device that connects to the authentication server to join the network. This camera serves as a supplicant in the 802.1X network. The supplicant can enter the 802.1X network after appropriate authentication by the authentication server. Authenticator An authenticator forwards certificate request data or response data that the supplicant or authentication server issues to the other party. Normally a hub, router or access point serves as an authenticator. Authentication server An authentication server has a database of connecting users and verifies if the supplicant is a valid user or not. It can also be called RADIUS server. CA (Certificate Authority) A CA issues and manages certificates of the authentication server (CA certificates) and user certificates. The CA is essential for certificatebased user authentication. Normally a CA is located inside an authentication server. Note This camera supports EAP mode in which the supplicant and the server authenticate using the certificate. This mode requires a CA which issues the certificate. 802.1X Enable Select the checkbox to enable the 802.1X authentication function. Setting EAP identify Enter the user name to identify the client in the 802.1X authentication server up to 250 characters. EAP password Enter a supplicant EAP password which is required when PEAP is selected with EAP mode. The password can be half-width letters and the length should be within 50 characters. Reset To change the once set EAP password, click [Reset] and clear the current password. A new password can be entered. Note Click [Cancel] at the bottom of the menu if you want to cancel changing the EAP password after clicking [Reset]. Doing so restores the other setting items to the previous settings. EAP method You can select the authentication method used with the authentication server. This camera supports TLS and PEAP. [TLS]: By this method, the supplicant and the server authenticate each other using a certificate. This enables secure port authentication. [PEAP]: By this method, an EAP password is used for the supplicant authentication and a certificate is used for server authentication. Client certificate When TLS is selected as the EAP method, the client certificate is imported, displayed or deleted for the camera authentication. To import the client certificate Click [Choose File] to select the client certificate to be imported. The selected client certificate is imported to the camera. Note The import process becomes invalid if the selected file is not a client certificate or the imported client certificate is not allowed. 85

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
85
• When using the 802.1X authentication
function, always configure the settings after
setting the date and time of the camera. If the
date and time are incorrect, port
authentication may not be performed correctly.
System configuration of the 802.1X
network
The following figure shows a general system
configuration of an 802.1X network.
Supplicant
A supplicant is a device that connects to the
authentication server to join the network. This
camera serves as a supplicant in the 802.1X
network. The supplicant can enter the 802.1X
network after appropriate authentication by the
authentication server.
Authenticator
An authenticator forwards certificate request
data or response data that the supplicant or
authentication server issues to the other party.
Normally a hub, router or access point serves as
an authenticator.
Authentication server
An authentication server has a database of
connecting users and verifies if the supplicant is
a valid user or not. It can also be called RADIUS
server.
CA (Certificate Authority)
A CA issues and manages certificates of the
authentication server (CA certificates) and user
certificates. The CA is essential for certificate-
based user authentication. Normally a CA is
located inside an authentication server.
Note
This camera supports EAP mode in which the
supplicant and the server authenticate using the
certificate. This mode requires a CA which issues
the certificate.
802.1X
Enable
Select the checkbox to enable the 802.1X
authentication function.
Setting
EAP identify
Enter the user name to identify the client in the
802.1X authentication server up to 250 characters.
EAP password
Enter a supplicant EAP password which is required
when PEAP is selected with EAP mode. The
password can be half-width letters and the length
should be within 50 characters.
Reset
To change the once set EAP password, click [Reset]
and clear the current password. A new password can
be entered.
Note
Click [Cancel] at the bottom of the menu if you want
to cancel changing the EAP password after clicking
[Reset]. Doing so restores the other setting items to
the previous settings.
EAP method
You can select the authentication method used with
the authentication server. This camera supports TLS
and PEAP.
[TLS]:
By this method, the supplicant and the server
authenticate each other using a certificate.
This enables secure port authentication.
[PEAP]:
By this method, an EAP password is used for
the supplicant authentication and a
certificate is used for server authentication.
Client certificate
When TLS is selected as the EAP method, the
client certificate is imported, displayed or
deleted for the camera authentication.
To import the client certificate
Click [Choose File] to select the client certificate to
be imported. The selected client certificate is
imported to the camera.
Note
The import process becomes invalid if the selected
file is not a client certificate or the imported client
certificate is not allowed.
Supplicant
(camera)
Authentication
server + CA
Authenticator
(hub or router)