Enabling fusion stream encryption (Advanced) - Security Center 5.11

Security Center Hardening Guide 5.11

Applies to
Security Center 5.11
Last updated
2022-10-12
Content type
Guides > Administrator guides
Language
English (United States)
Product
Security Center
Version
5.11

To protect the privacy of your data, you can enable fusion stream encryption.

Before you begin

Request and install the encryption certificates on the client machines authorized to access your company's private data.

What you should know

Only the public portion of the certificate must be installed on the Archiver.
Encryption certificates are applied through Config Tool. It is not necessary to install certificates on the Archiver server. To apply certificates, Config Tool must have access to the required certificates in the certificate store on the local machine, or exported certificate (.cer) files.
IMPORTANT: To enable encryption, you must add at least one certificate to the Archiver.

Procedure

  1. From the Config Tool homepage, open the Video task, and click the Roles and units view.
  2. Do one of the following:
    • To enable encryption for all cameras connected to an Archiver, select an Archiver role to configure, and click the Camera default settings tab.
    • To enable encryption for a specific a camera, select the camera, click the Recording tab, and then ensure Recording settings is set to Custom settings.
  3. Click Show advanced settings and set Encryption to In transit and at rest.
  4. Under the Certificates table, click Add an item ().
    The Select certificate dialog box opens.
  5. If the encryption certificates are already installed to the certificate store on the local machine, select them from the Installed certificates table, and click OK.
  6. If the encryption certificates are not installed, find and install them:
    1. Select Browse certificate file, and click Browse certificate file (.
      The Open dialog box opens.
    2. Navigate to the folder where the certificates files are saved.
      The browser looks for X.509 Certificates files by default. If you do not find the required files, set it to look for Personal Information Exchange files instead.
    3. Select the certificates to install, and click Open.
    4. If a certificate file is password-protected, click the advanced show icon () and enter the password.
    5. (Optional) Click Validate file to ensure the selected certificate is capable of encrypting and decrypting video.
      NOTE: To validate decryption, the private key must be accessible to Config Tool during the test.
    6. Click OK.
  7. Click Apply.

Results

The Archivers start encrypting all data streamed from the selected cameras. Only client workstations with one or more of the configured certificates are able to view the encrypted streams from now on.