AXIS Q1615-E Mk II Network Camera
System Options
The Axis product can be congured to require HTTPS when users from different user groups (administrator, operator, viewer) log in.
To use HTTPS, an HTTPS certicate must rst be installed. Go to System Options > Security > Certicates to install and manage
certicates. See About certicates on page 57.
To enable HTTPS on the Axis product:
1. Go to System Options > Security > HTTPS
2. Select an HTTPS certicate from the list of installed certicates.
3. Optionally, click Ciphers and select the encryption algorithms to use for SSL.
4. Set the HTTPS Connection Policy for the different user groups.
5. Click Save to enable the settings.
To access the Axis product via the desired protocol, in the address eld in a browser, enter https:// for the HTTPS protocol
and http:// for the HTTP protocol.
The HTTPS port can be changed on the System Options > Network > TCP/IP > Advanced page.
IEEE 802.1X
IEEE 802.1X is a standard for port-based Network Admission Control providing secure authentication of wired and wireless network
devices. IEEE 802.1X is based on EAP (Extensible Authentication Protocol).
To access a network protected by IEEE 802.1X, devices must be authenticated. The authentication is performed by an authentication
server, typically a RADIUS server, examples of which are FreeRADIUS and Microsoft Internet Authentication Service.
In Axis implementation, the Axis product and the authentication server identify themselves with digital certicates using EAP-TLS
(Extensible Authentication Protocol - Transport Layer Security). The certicates are provided by a Certication Authority (CA).
You need:
• a CA certicate to authenticate the authentication server.
• a CA-signed client certicate to authenticate the Axis product.
To create and install certicates, go to System Options > Security > Certicates. See About certicates on page 57. Many CA
certicates are preinstalled.
To allow the product to access a network protected by IEEE 802.1X:
1. Go to System Options > Security > IEEE 802.1X.
2. Select a CA Certicate and a Client Certicate from the lists of installed certicates.
3. Under Settings, select the EAPOL version and provide the EAP identity associated with the client certicate.
4. Check the box to enable IEEE 802.1X and click Save.
Note
For authentication to work properly, the date and time settings in the Axis product should be synchronized with an NTP
server. See Date & Time on page 58.
About certicates
Certicates are used to authenticate devices on a network. Typical applications include encrypted web browsing (HTTPS), network
protection via IEEE 802.1X and secure upload of images and notication messages for example via email. Two types of certicates
can be used with the Axis product:
Server/Client certicates - To authenticate the Axis product. A Server/Client certicate can be self-signed or issued by a Certicate
Authority (CA). A self-signed certicate offers limited protection and can be used before a CA-issued certicate has been obtained.
57