Preventing compromised certificates from being used in your system - Security Center 5.11

If you suspect that a fusion stream encryption certificate has been compromised, you can prevent that certificate from being used to access your encrypted video by removing it from the Archiver and deleting all key streams that were generated with that certificate.

1. From the Config Tool homepage, open the Video task and click the Roles and units view.
2. Do one of the following:
   • If encryption is configured at the Archiver level, select the Archiver and click the Camera default settings tab.
   • If encryption is configured at the camera level, select the camera and click the Recording tab.
3. From the Certificates list, select the compromised certificate, and click Remove the item ().
   NOTE: You cannot enable In transit and at rest encryption if there are no configured certificates.
4. Click Apply.
5. In the message box that appears, do one of the following:
   • Click Yes to delete the selected certificate and the associated key streams (client-specific key streams).

     This option is highly recommended if your certificate has been compromised. It prevents client machines from accessing any encrypted data with the associated certificate.

     CAUTION:
     If you remove the only certificate used to generate key streams, you will permanently loose access to the encrypted data.
   • Click No to only delete the selected certificate from the Archiver, not the associated key streams.

     This option stops video encryption with the selected certificate. New video cannot be decrypted with the compromised certificate. However, all data that was encrypted before removing this certificate remains available to client machines that have the certificate installed.

6. Click Apply.