Sony BRC-X400 Operating Instructions - Page 85
System configuration of the 802.1X, network, Setting, Client certificate
View all Sony BRC-X400 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 85 highlights
• When using the 802.1X authentication function, always configure the settings after setting the date and time of the camera. If the date and time are incorrect, port authentication may not be performed correctly. System configuration of the 802.1X network The following figure shows a general system configuration of an 802.1X network. Supplicant (camera) Authenticator (hub or router) Authentication server + CA Supplicant A supplicant is a device that connects to the authentication server to join the network. This camera serves as a supplicant in the 802.1X network. The supplicant can enter the 802.1X network after appropriate authentication by the authentication server. Authenticator An authenticator forwards certificate request data or response data that the supplicant or authentication server issues to the other party. Normally a hub, router or access point serves as an authenticator. Authentication server An authentication server has a database of connecting users and verifies if the supplicant is a valid user or not. It can also be called RADIUS server. CA (Certificate Authority) A CA issues and manages certificates of the authentication server (CA certificates) and user certificates. The CA is essential for certificatebased user authentication. Normally a CA is located inside an authentication server. Note This camera supports EAP mode in which the supplicant and the server authenticate using the certificate. This mode requires a CA which issues the certificate. 802.1X Enable Select the checkbox to enable the 802.1X authentication function. Setting EAP identify Enter the user name to identify the client in the 802.1X authentication server up to 250 characters. EAP password Enter a supplicant EAP password which is required when PEAP is selected with EAP mode. The password can be half-width letters and the length should be within 50 characters. Reset To change the once set EAP password, click [Reset] and clear the current password. A new password can be entered. Note Click [Cancel] at the bottom of the menu if you want to cancel changing the EAP password after clicking [Reset]. Doing so restores the other setting items to the previous settings. EAP method You can select the authentication method used with the authentication server. This camera supports TLS and PEAP. [TLS]: By this method, the supplicant and the server authenticate each other using a certificate. This enables secure port authentication. [PEAP]: By this method, an EAP password is used for the supplicant authentication and a certificate is used for server authentication. Client certificate When TLS is selected as the EAP method, the client certificate is imported, displayed or deleted for the camera authentication. To import the client certificate Click [Choose File] to select the client certificate to be imported. The selected client certificate is imported to the camera. Note The import process becomes invalid if the selected file is not a client certificate or the imported client certificate is not allowed. 85