Configuring Bosch CHAVE enabled cameras for certificate-based authentication - Security Center 5.7 SR2

Security Center Video Unit Configuration Guide 5.7 SR2

Applies to
Security Center 5.7 SR2
Last updated
2018-04-04
Content type
Guides
Guides > User guides
Language
English (United States)
Product line
Security Center unified platform > Security Center
Version
5.7

To configure certificate-based authentication for CHAVE enabled cameras, you must add your certificate to the Certificate Store on the camera, and enable secure mode on the camera.

Procedure

  1. Configure the extension in Security Center:
    1. Select the Bosch extension with the same discovery port configured in the camera.
      If no extension matches the criteria, add a new Bosch extension.
    2. In the Default logon window, select Use HTTPS.
    3. Select Use Client Certificate.
    4. Click the Certificate button.
    5. In the Certificates dialog box, select the certificate you want to use.
      NOTE: It should match the user configured in the camera in step 3d.
    6. Click Select.
    NOTE: Unicast UDP and Multicast will not work if Encryption is not enabled on the archiver.
  2. Add the trusted root certificate to the Certificate Store on your CHAVE enabled camera:
    1. Open the camera's web page.
    2. Click Configuration > Service> CHAVE.
    3. Under File list, click Add > Upload certificate.
    4. Under Usage list, beside User authentication trusted, select your certificate from the Trusted certificates drop-down list.
    5. Click Set.
  3. Add users that can log on to the camera:
    1. Open the camera's web page.
    2. Click Configuration > Service> CHAVE.
    3. Under User Management, click Add.
    4. In the User dialog box, enter the User Name, Level, and Type.
      IMPORTANT:
      • The User name must match the Common Name of the certificate that is associated with the user. The Common Name (CN) can be found using the Certificate Manager of the server hosting the Security Center Directory role. The underscore character “_” is not allowed in common name in certificates.
      • The Type must be set to Certificate.
      • If no users are added, the first user to connect to the camera with a valid certificate is automatically added as an administrator (service) user.
      • When using certificates for mutual authentication, ensure that the camera uses a solid and trusted time base. If the time differs too much from the actual time, a client might be locked out. Then, only a factory default will recover access to the camera.
  4. Enable secure mode on your CHAVE enabled camera:
    1. Open the camera's web page.
    2. Click Configuration > Service> CHAVE.
    3. Under User Management, select the Enable secure mode option.
    4. You are prompted to restart the camera.
      IMPORTANT: Once the Enable secure mode option has been selected, only users with a valid certificate can access the camera. Logging on with a username and password does not work.
  5. Click Set.