Axis P3245 Series - Security; IEEE 802.1 x; Certificates

To Next Page

To Previous Page

AXISP3245NetworkCameraSeries

Thewebinterface

besetonce,andpreferablyonlywhenHTTPSisenabled.Oncethepasswordisset,thepasswordeldisno

longerdisplayed.Tosetthepasswordagain,youmustresetthedevicetofactorydefaultsettings.

Security

Certicates

Certicatesareusedtoauthenticatedevicesonanetwork.Thedevicesupportstwotypesofcerticates:

•Client/servercerticates

Aclient/servercerticatevalidatesthedevice’sidentity,andcanbeself-signedorissuedbyaCerticateAuthority(CA).

Aself-signedcerticateofferslimitedprotectionandcanbeusedbeforeaCA-issuedcerticatehasbeenobtained.

•CAcerticates

YoucanuseaCAcerticatetoauthenticateapeercerticate,forexampletovalidatetheidentityofanauthentication

serverwhenthedeviceconnectstoanetworkprotectedbyIEEE802.1X.Thedevicehasseveralpre-installedCA

certicates.

Theseformatsaresupported:

•Certicateformats:.PEM,.CER,and.PFX

•Privatekeyformats:PKCS#1andPKCS#12

Important

Ifyouresetthedevicetofactorydefault,allcerticatesaredeleted.Anypre-installedCAcerticatesarereinstalled.

Filterthecerticatesinthelist.

Addcerticate:Clicktoaddacerticate.

Thecontextmenucontains:

•Certicateinformation:Viewaninstalledcerticate’sproperties.

•Deletecerticate:Deletethecerticate.

•Createcerticatesigningrequest:Createacerticatesigningrequesttosendtoaregistrationauthoritytoapply

foradigitalidentitycerticate.

Securekeystore

•Secureelement(CCEAL6+):Selecttousesecureelementforsecurekeystore.

•TrustedPlatformModule2.0(CCEAL4+,FIPS140-2Level2):SelecttouseTPM2.0forsecurekeystore.

IEEE802.1x

IEEE802.1xisanIEEEstandardforport-basednetworkadmissioncontrolprovidingsecureauthenticationofwiredandwireless

networkdevices.IEEE802.1xisbasedonEAP(ExtensibleAuthenticationProtocol).

ToaccessanetworkprotectedbyIEEE802.1x,networkdevicesmustauthenticatethemselves.Theauthenticationisperformedby

anauthenticationserver,typicallyaRADIUSserver(forexample,FreeRADIUSandMicrosoftInternetAuthenticationServer).

Certicates

WhenconguredwithoutaCAcerticate,servercerticatevalidationisdisabledandthedevicetriestoauthenticateitself

regardlessofwhatnetworkitisconnectedto.

Whenusingacerticate,inAxis'implementation,thedeviceandtheauthenticationserverauthenticatethemselveswithdigital

certicatesusingEAP-TLS(ExtensibleAuthenticationProtocol-TransportLayerSecurity).

Toallowthedevicetoaccessanetworkprotectedthroughcerticates,youmustinstallasignedclientcerticateonthedevice.

Related product manuals