System Configuration Of 802.1X Network; Client Certificate - Sony Ipela SNC-WR630 User Manual
Hide thumbs
Also See for Ipela SNC-WR630:
- User manual (62 pages) ,
- Installation manual (2 pages) ,
- User manual (73 pages)
Table of Contents
Advertisement
• When using the 802.1X authentication function,
always configure the settings after setting the date and
time of the camera. If the date and time are incorrect,
port authentication may not be performed correctly.
System configuration of 802.1X
network
The following figure shows a general system
configuration of an 802.1X network.
Supplicant
Authenticator
Authentication
(camera)
(hub or router)
server + CA
Supplicant
A supplicant is a device that connects to the
authentication server to join the network. This camera
serves as a supplicant in the 802.1X network. The
supplicant can enter the 802.1X network after
appropriate authentication by the authentication server.
Authenticator
An authenticator forwards certificate request data or
response data that the supplicant or authentication server
issues to the other party. Normally a hub, router or
access point serves as an authenticator.
Authentication server
An authentication server has a database of connecting
users and verifies if the supplicant is a valid user or not.
It can also be called RADIUS server.
CA (Certificate Authority)
A CA issues and manages certificates of the
authentication server (CA certificates) and user
certificates. The CA is essential for certificate-based
user authentication. Normally a CA is located inside an
authentication server.
Note
This camera supports EAP mode in which the supplicant
and the server authenticate using the certificate. This
mode requires a CA to issue the certificate.
Common setting
Enable
Select the checkbox to enable the 802.1X authentication
function.
EAP identity
Type the user name to identify the client in the 802.1X
authentication server up to 250 characters.
EAP password
A supplicant EAP password is needed to be inputted
when PEAP is selected with EAP condition. The
password can contain half-width letters and the length
should be within 50 characters.
Reset
To change the once set EAP password, click Reset and
clear the current password. A new password can be
entered.
Note
After you click Reset, if you wish to cancel the EAP
password change, click Cancel at the bottom of the
screen. This will cancel other changes made to the
settings.
EAP method
You can select the authentication method used with the
authentication server. This device supports TLS and
PEAP.
TLS: By this method, the supplicant and the server
authenticate each other using a certificate. This
enables secure port authentication.
PEAP: By this method, an EAP password is used for the
supplicant authentication and a certificate is used for
server authentication.
Client certificate
When TLS is selected as the EAP method, the client
certificate is imported, displayed or deleted for the
camera authentication.
To import the client certificate
Click Browse… to select the client certificate to be
imported.
Click the OK button appearing on the dialog, and the
selected file will be imported to the camera.
Note
The import process becomes invalid if the selected file is
not a client certificate or the imported client certificate is
not allowed.
To display the information of the client
certificate
When the client certificate has been saved in the camera
correctly, its information appears on Status, Issuer DN,
Subject DN, Validity Period and Extended Key
Usage.
Page 43
Setting the Security — Security Menu
Hide quick links:
Advertisement
Table of Contents
