AV7000 LINEAR CAMERA
Support for HTTPS Client Certificates
The AV Family cameras can act as HTTPS clients, communicating with a remote
HTTPS server. The HTTPS connection is encrypted, so both client and server can be
assured that the data being sent is what the sender intended, and that no one is able to
eavesdrop.
Client Certificates come into play when you need to validate that the device at the other
end of the connection really is the device that it claims to be. Typically in HTTPS, whenever
there's a reference to a signed SSL/TLS certificate, it is almost always a reference to
the signed cert on the HTTPS server. When your web browser (client) visits a website
such as amazon.com (server), there is a key exchange between the client and server that
lets the browser verify the remote server really is amazon.com, and that's what triggers
the browser to display the secure padlock. The user's authenticity is then handled
through other means, such as logging into Amazon with a username and password.
Client certificates allow the HTTPS server to verify the connection is from a real AV camera.
The camera is still the HTTPS client, but it has a private certificate that it uses in the
HTTPS handshake with the remote HTTPS server. The server can then verify that the client
is 'valid' and not a random actor attempting to connect. This is supported in HTTPS,
but used less often than the server-side cert.
When using certs there are two different encryption keys: one private, one public. As
the names imply, the public key can be shared with anyone. The private key should be kept
secret, as the entire trust chain is based on ONLY the real owner of the cert having
access to that private key. If anyone else gets hold of the private key, the owner of the
cert could be impersonated.
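The two checks described above (the server accepting only certificates it trusts, and the certificate being tied to one private key) can be tried offline with the `openssl` command-line tool. This is an added example, not part of the camera documentation or its provisioning procedure; the CA, the names `av-camera-01` and `stranger`, and all file names are constructed for the demo.

```shell
#!/usr/bin/env bash
# Constructed demo PKI: every name and file below is a placeholder.

# Create a CA, a camera client cert issued by it, and an unrelated self-signed cert.
make_demo_pki() {
  dir=$1
  # CA key and self-signed CA certificate: this is what the HTTPS server trusts.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo Camera CA" \
    -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
  # Camera private key and signing request; the key never leaves the camera.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=av-camera-01" \
    -keyout "$dir/camera.key" -out "$dir/camera.csr" 2>/dev/null || return 1
  # The CA signs the request, producing the camera's client certificate.
  openssl x509 -req -in "$dir/camera.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
    -CAcreateserial -days 30 -out "$dir/camera.crt" 2>/dev/null || return 1
  # A stranger claims the same name but signs its own certificate.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=av-camera-01" \
    -keyout "$dir/stranger.key" -out "$dir/stranger.crt" 2>/dev/null || return 1
}

# Server-side check: does the presented certificate chain to the trusted CA?
cert_trusted() {        # usage: cert_trusted ca.crt client.crt
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Does this private key belong to this certificate? Compares the public halves.
key_matches_cert() {    # usage: key_matches_cert client.crt client.key
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# Stand-alone run: build the demo PKI in a temp dir and report each check.
d=$(mktemp -d) && make_demo_pki "$d" || exit 1
cert_trusted "$d/ca.crt" "$d/camera.crt"   && echo "camera.crt: accepted by server"
cert_trusted "$d/ca.crt" "$d/stranger.crt" || echo "stranger.crt: rejected by server"
key_matches_cert "$d/camera.crt" "$d/stranger.key" || echo "stranger.key: does not match camera.crt"
rm -rf "$d"
```

The stranger's certificate carries the same name as the camera's but is rejected because the CA did not sign it, and holding `camera.crt` without `camera.key` is not enough to complete a handshake as the camera.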