Client Certificate Tab; Eap Method; Tls Mode - Sony IPELA SNC-DF50N User Manual

Click Refresh to update the status.
EAP identity
Type the user name to identify the client in the 802.1X
authentication server using 3 to 253 characters.

EAP method

Shows the authentication method used with the
authentication server. It is fixed as this camera supports
only the TLS method.
OK/Cancel
See "Buttons common to every menu" on page 26.

Client certificate Tab

You can import a client certificate to the camera or
export a certificate request.

TLS mode

Select the TLS mode.
The EAP-TLS authentication performs certificate-based
authentication. It requires private key information
consisting of a key pair for the client certificate to store
in the camera. The TLS mode allows two modes
according to the acquirer of the key pair.
Use a key pair from a CA: Uses the certificate
including the private key information issued by a
CA. The PKCS#12 and PEM formats are supported.
Use the camera's built-in key pair: Uses the private
key information that is stored in the tamper-resistant
chip built in the camera. This mode is safety because
the private key information is not carried out at the
42
Using the 802.1X Authentication Function — 802.1X Menu
time of issuing the certificate request or importing
the certificate. Only the PEM format is supported in
this mode.
To use this mode, first obtain the certificate from the
CA by performing Export certificate request on
page 43.
Client certificate request
Import, display or delete the client certificate.
To import the client certificate
Click Browse... to select the client certificate to be
imported.
Then click Submit, and the selected file will be
imported to the camera.
Note
The import process becomes invalid if the selected file is
not a client certificate or the imported client certificate is
not allowed.
To display the information of the client
certificate
When the client certificate has been saved in the camera
correctly, its information appears on Status, Issuer DN,
Subject DN, Validity Period and Extended Key
Usage.
Status: Shows if the status of the client certificate is
valid or invalid.
Valid means the client certificate is correctly stored
and set.
Invalid means the client certificate is not correctly
stored and set.
Possible causes of Invalid are the following:
– When Use a key pair from a CA is selected and
the private key password included in the client
certificate is not specified correctly
– When Use a key pair from a CA is selected and
the private key password is specified in spite of the
fact that the key pair in the client certificate is not
encrypted.
– When Use a key pair from a CA is selected and
the key pair is not included in the client certificate.
– When Use the camera's built-in key pair is
selected and the client certificate issued
corresponding to Export certificate request is not
imported in the camera.
Note
When the client certificate to be imported is of
PKCS#12 format and the private key password is not set
correctly, "<Put correct private key password>" is
displayed in the boxes of Issuer DN, Subject DN,
Validity Period and Extended Key Usage. Specify the