Axis A1001 User Manual page 33

AXIS A1001 Network Door Controller & AXIS Entry Manager
System Options
To access the Axis product via the desired protocol, enter https:// or http:// in the address field in a browser.
The HTTPS port can be changed on the System Options > Network > TCP/IP > Advanced page.
IEEE 802.1X
IEEE 802.1X is a standard for port-based Network Admission Control providing secure authentication of wired and wireless network
devices. IEEE 802.1X is based on EAP (Extensible Authentication Protocol).
To access a network protected by IEEE 802.1X, devices must be authenticated. The authentication is performed by an authentication
server, typically a RADIUS server, examples of which are FreeRADIUS and Microsoft Internet Authentication Service.
In Axis implementation, the Axis product and the authentication server identify themselves with digital certificates using EAP-TLS
(Extensible Authentication Protocol - Transport Layer Security). The certificates are provided by a Certification Authority (CA).
You need:
• a CA certificate to authenticate the authentication server.
• a CA-signed client certificate to authenticate the Axis product.
To create and install certificates, go to Setup > Additional Controller Configuration > System Options > Security > Certificates.
See Certificates, on page 33. Many CA certificates are preinstalled.
To allow the product to access a network protected by IEEE 802.1X:
1. Go to Setup > Additional Controller Configuration > System Options > Security > IEEE 802.1X.
2. Select a CA Certificate and a Client Certificate from the lists of installed certificates.
3. Under Settings, select the EAPOL version and provide the EAP identity associated with the client certificate.
4. Check the box to enable IEEE 802.1X and click Save.
Note
For authentication to work properly, the date and time settings in the Axis product should be synchronized with an NTP
server. See Date & Time, on page 34.
Certificates
Certificates are used to authenticate devices on a network. Typical applications include encrypted web browsing (HTTPS), network
protection via IEEE 802.1X and secure upload of images and notification messages for example via email. Two types of certificates
can be used with the Axis product:
Server/Client certificates - To authenticate the Axis product.
CA certificates - To authenticate peer certificates, for example the certificate of an authentication server in case the Axis product is
connected to an IEEE 802.1X protected network.
Note
Installed certificates, except preinstalled CA certificates, will be deleted if the product is reset to factory default. Preinstalled
CA certificates that have been deleted will be reinstalled.
A Server/Client certificate can be self-signed or issued by a Certificate Authority (CA). A self-signed certificate offers limited
protection and can be used before a CA-issued certificate has been obtained.
To install a self-signed certificate:
1. Go to Setup > Additional Controller Configuration > System Options > Security > Certificates.
2. Click Create self-signed certificate and provide the requested information.
To create and install a CA-signed certificate:
33