To configure certificate-based authentication for CHAVE enabled cameras, you must add your certificate to the Certificate Store on the camera, and enable secure mode on the camera.
Procedure
-
Configure the extension in Security Center:
-
Select the Bosch extension with the same discovery port configured in the
camera.
If no extension matches the criteria, add a new Bosch extension.
- In the Default logon window, select Use HTTPS.
- Select Use Client Certificate.
- Click Certificate.
-
In the Certificates dialog box, select the certificate
you want to use.
NOTE: It should match the user configured in the camera in step 3d.
- Click Select.
NOTE: Unicast UDP and Multicast will not work if Encryption is not enabled on the archiver. -
Select the Bosch extension with the same discovery port configured in the
camera.
-
Add the trusted root certificate to the Certificate Store on your CHAVE enabled
camera:
- Open the camera's web page.
- Click Configuration > Service > CHAVE.
- Under File list, click Add > Upload certificate.
- Under Usage list, beside User authentication trusted, select your certificate from the Trusted certificates list.
- Click Set.
-
Add users that can log on to the camera:
- Open the camera's web page.
- Click Configuration > Service > CHAVE.
- Under User Management, click Add.
-
In the User dialog box, enter the User
Name, Level, and
Type.
IMPORTANT:
- The User name must match the Common Name of the certificate that is associated with the user. The Common Name (CN) can be found using the Certificate Manager of the server hosting the Security Center Directory role. The underscore character “_” is not allowed in common name in certificates.
- The Type must be set to Certificate.
- If no users are added, the first user to connect to the camera with a valid certificate is automatically added as an administrator (service) user.
- When using certificates for mutual authentication, ensure that the camera uses a trusted time base. If a time difference occurs, a client might be locked out and require a factory default to recover access to the camera.
-
Enable secure mode on your CHAVE enabled camera:
- Open the camera's web page.
- Click Configuration > Service > CHAVE.
- Under User Management, select the Enable secure mode option.
-
You are prompted to restart the camera.
IMPORTANT: Once the Enable secure mode option has been selected, only users with a valid certificate can access the camera. Logging on with a username and password does not work.
- Click Set.