Table of Contents
Advertisement
AXIS P37-PLE Panoramic camera series
The web interface
Certificates are used to authenticate devices on a network. The device supports two types of certificates:
• Client/server certificates
A client/server certificate validates the device's identity, and can be self-signed or issued by a Certificate Authority (CA).
A self-signed certificate offers limited protection and can be used before a CA-issued certificate has been obtained.
• CA certificates
You can use a CA certificate to authenticate a peer certificate, for example to validate the identity of an authentication
server when the device connects to a network protected by IEEE 802.1X. The device has several pre-installed CA
certificates.
These formats are supported:
• Certificate formats: .PEM, .CER, and .PFX
• Private key formats: PKCS#1 and PKCS#12
Important
If you reset the device to factory default, all certificates are deleted. Any pre-installed CA certificates are reinstalled.
Filter the certificates in the list.
Add certificate : Click to add a certificate.
• More
• Secure keystore: Select to use Secure element or Trusted Platform Module 2.0 to securely store the private key. For
more information on which secure keystore to select, go to help.axis.com/en-us/axis-os#cryptographic-support.
• Key type: Select the default or a different encryption algorithm from the drop-down list to protect the certificate.
The context menu contains:
• Certificate information: View an installed certificate's properties.
• Delete certificate: Delete the certificate.
• Create certificate signing request: Create a certificate signing request to send to a registration authority to apply
for a digital identity certificate.
Secure keystore
:
• Secure element (CC EAL6+): Select to use secure element for secure keystore.
• Trusted Platform Module 2.0 (CC EAL4+, FIPS 140-2 Level 2): Select to use TPM 2.0 for secure keystore.
IEEE 802.1x
IEEE 802.1x is an IEEE standard for port-based network admission control providing secure authentication of wired and wireless
network devices. IEEE 802.1x is based on EAP (Extensible Authentication Protocol).
To access a network protected by IEEE 802.1x, network devices must authenticate themselves. The authentication is performed by
an authentication server, typically a RADIUS server (for example, FreeRADIUS and Microsoft Internet Authentication Server).
Certificates
When configured without a CA certificate, server certificate validation is disabled and the device tries to authenticate itself
regardless of what network it is connected to.
When using a certificate, in Axis' implementation, the device and the authentication server authenticate themselves with digital
certificates using EAP-TLS (Extensible Authentication Protocol - Transport Layer Security).
To allow the device to access a network protected through certificates, you must install a signed client certificate on the device.
Client certificate: Select a client certificate to use IEEE 802.1x. The authentication server uses the certificate to validate the
client's identity.
: Show more fields to fill in or select.
33
Advertisement
Table of Contents
