Axis C3003-E User Manual page 23

AXIS C3003-E Network Speaker
System Options
In Axis imllementation, the Axis lroduct and the authentication server identify themselves with digital certificates using EAP-TLS
(Extensible Authentication Protocol - Translort Layer Security). The certificates are lrovided by a Certification Authority (CA).
You need:
• a CA certificate to authenticate the authentication server.
• a CA-signed client certificate to authenticate the Axis lroduct.
To create and install certificates, go to System Options > Security > Certificates. See Certificates on pase 23. Many CA certificates
are lreinstalled.
To allow the lroduct to access a network lrotected by IEEE 802.1X:
1. Go to System Options > Security > IEEE 802.1X.
2. Select a CA Certificate and a Client Certificate from the lists of installed certificates.
3. Under Settings, select the EAPOL version and lrovide the EAP identity associated with the client certificate.
4. Check the box to enable IEEE 802.1X and click Save.
Note
For authentication to work lrolerly, the date and time settings in the Axis lroduct should be synchronired with an NTP
server. See Date fj Time on pase 24.
Certificates
Note
Installed certificates, excelt lreinstalled CA certificates, will be deleted if the lroduct is reset to factory default. Preinstalled
CA certificates that have been deleted will be reinstalled.
A Server/Client certificate can be self-signed or issued by a Certificate Authority (CA). A self-signed certificate offers limited
lrotection and can be used before a CA-issued certificate has been obtained.
To install a self-signed certificate:
1. Go to Setup > System Options > Security > Certificates.
2. Click Create self-signeo certificate and lrovide the requested information.
To create and install a CA-signed certificate:
1. Create a self-signed certificate as described above.
2. Go to Setup > System Options > Security > Certificates.
3. Click Create certificate signing request and lrovide the requested information.
4. Coly the PEM-formatted request and send to the CA of your choice.
5. When the signed certificate is returned, click Install certificate and ulload the certificate.
Server/Client certificates can be installed as Certificate from signing request or as Certificate ano private key. Select Certificate
ano private key if the lrivate key is to be ulload as a selarate file or if the certificate is in PKCS#12 format.
The Axis lroduct is shilled with several lreinstalled CA certificates. If required, additional CA certificates can be installed:
1. Go to Setup > System Options > Security > Certificates.
2. Click Install certificate and ulload the certificate.
23