Axis P3265-LVE-3 User Manual page 53

AXIS P3265-LVE-3 License Plate Verifier Kit
The device interface
-
Security
Certificates
Certificates are used to authenticate devices on a network. The device supports two types of certificates:
• Client/server certificates
A client/server certificate validates the device's identity, and can be self-signed or issued by a Certificate Authority (CA).
A self-signed certificate offers limited protection and can be used before a CA-issued certificate has been obtained.
• CA certificates
You can use a CA certificate to authenticate a peer certificate, for example to validate the identity of an authentication
server when the device connects to a network protected by IEEE 802.1X. The device has several pre-installed CA
certificates.
These formats are supported:
• Certificate formats: .PEM, .CER, and .PFX
• Private key formats: PKCS#1 and PKCS#12
Important
If you reset the device to factory default, all certificates are deleted. Any pre-installed CA certificates are reinstalled.
Filter the certificates in the list.
Add certificate : Click to add a certificate.
The context menu contains:
• Certificate information: View an installed certificate's properties.
• Delete certificate: Delete the certificate.
• Create certificate signing request: Create a certificate signing request to send to a registration authority to apply
for a digital identity certificate.
IEEE 802.1x
IEEE 802.1x is an IEEE standard for port-based network admission control providing secure authentication of wired and wireless
network devices. IEEE 802.1x is based on EAP (Extensible Authentication Protocol).
To access a network protected by IEEE 802.1x, network devices must authenticate themselves. The authentication is performed by
an authentication server, typically a RADIUS server (for example FreeRADIUS and Microsoft Internet Authentication Server).
Certificates
When configured without a CA certificate, server certificate validation is disabled and the device tries to authenticate itself
regardless of what network it is connected to.
When using a certificate, in Axis' implementation, the device and the authentication server authenticate themselves with digital
certificates using EAP-TLS (Extensible Authentication Protocol - Transport Layer Security).
To allow the device to access a network protected through certificates, a signed client certificate must be installed on the device.
Client certificate: Select a client certificate to use IEEE 802.1x. The authentication server uses the certificate to validate the
client's identity.
Password for the account "initial": Enter the SNMP password for the account named "initial". Although the
password can be sent without activating HTTPS, we don't recommend it. The SNMP v3 password can only
be set once, and preferably only when HTTPS is enabled. Once the password is set, the password field is no
longer displayed. To set the password again, you must reset the device to factory default settings.
53