[KBA-78971] Adding a certificate to a SharpV from an unknown certificate authority - SharpV OS 12.x and SharpV OS 13.x - KB articles

Product
Security Center
Content type
KB articles
Language
English
Last updated
2026-03-03

[KBA-78971] Adding a certificate to a SharpV from an unknown certificate authority

You can add a certificate authority (CA) certificate to a SharpV unit so it can validate certificate chains signed by intermediate, enterprise, or certificate authorities that are not trusted by default on the SharpV system.

Applies to

SharpV OS 12.x and SharpV OS 13.x

Summary

Use the following steps if any of these conditions apply:
  • The certificate is signed by a CA that is not included in the Windows third‑party root certificate authorities trusted by the SharpV.
  • The certificate is signed by an intermediate CA and cannot be validated successfully after attempting to complete the certificate chain through the Sharp Portal.
  • Your organization uses its own PKI to issue certificates.
  • The signed certificate installs successfully, but does not appear in the Sharp Portal or cannot be managed from the portal.
NOTE: This example uses two certificate authorities to complete the chain of trust. Your system might have a different number of certificates.

Example

In the following example, the fictional company Contoso has its own certificate authority and manages the signatures. Inspecting the chain of trust, we see the certificate was signed using the Contoso private CA. This certificate signature is not recognized by default in Windows. The intermediate CA (Contoso Private Type 1 EU Primary Issuing CA) and root CA (Contoso Private Type 1 Root CA) must be added manually to complete the CSR operation.

Procedure

To apply a certificate signature over a CSR (using the Contoso example):
  1. Ensure that you have the root certificate and the primary issuing certificate. For example:
    • Contoso Private Type 1 Root CA
    • Contoso Private Type 1 EU Primary Issuing CA
  2. Log on to the Sharp Portal.
  3. On the Configuration > Security page, enable Remote assistance.
  4. Open a Remote Desktop Connection on the SharpV.
    1. From a computer on the same network as the SharpV, launch Remote Desktop Connection.
    2. Connect to the SharpV using the unit's IP address.
    3. The RDP password is the 32-character Unit Access Code on the yellow sticker that was provided with the SharpV camera.

  5. Add both certificate files to the E:/ drive of the SharpV.
  6. Import the root certificate.
    1. Right click on E:\ContosoPrivateType1EUPrimaryIssuingCA.crt then click Install Certificate.

      The Certificate Import Wizard opens.

    2. The wizard prompts you to select a store location. Select Local Machine and click Next.
    3. The wizard prompts you to select the certificate store you want to use. Select Place all certificates in the following store and click Browse.
    4. From the Select Certificate Store window, select Trusted Root Certification Authorities and click OK.
    5. Click Next to continue, and click Finish to close the wizard. The system displays the message "The import was successful".
  7. Import the primary issuing certificate.
    1. Right click on E:\ContosoPrivateType1RootCA.crt then click Install Certificate.

      The Certificate Import Wizard opens.

    2. The wizard prompts you to select a store location. Select Local Machine and click Next.
    3. The wizard prompts you to select the certificate store you want to use. Select Place all certificates in the following store and click Browse.
    4. From the Select Certificate Store window, select Trusted Root Certification Authorities and click OK.
    5. Click Next to continue, and click Finish to close the wizard. The system displays the message "The import was successful".
  8. To complete the signing request, import the signature into the Sharp Portal. For more information, see Installing a signed certificate.