Encrypting connection to the SharpOS 11.8 Portal using a self-signed certificate - SharpOS 11.8

Sharp Administrator Guide 11.8

series
SharpOS 11.8
revised_modified
2020-04-22

You can secure the Sharp Portal and Archiver connection by configuring it in secure HTTP mode (HTTPS) using the self-signed Sharp certificate.

Before you begin

  • If you already have a certificate installed, you must delete it and then restart the Sharp.
  • Read about why the connection to the Sharp Portal should be encrypted.
  • IMPORTANT: If your Security Center version is 5.3 SR3 or higher, if you want to add the Sharp unit to the Archiver using HTTPS, you must modify the Archiver's HTTPS options using the instructions in the Knowledge Base article KBA01405.

What you should know

  • The first time you log on to the Sharp web portal, the system logs you on using HTTP mode (no certificate). Your organization's security policy might require that you configure either a self-signed certificate or a signed certificate from a trusted certificate authority.
  • To install a certificate on a client machine, you require Administrator rights.
  • You must install the certificate on all machines that communicate with the SharpV camera, which includes the LPR Manager, the Archiver, and all machines that connect to the web portal
  • To install a certificate, the camera must be in HTTP mode and any existing certificate must be deleted. If a certificate is already installed, you must clear the Use HTTPS check box in Configuration > Security settings. After you reboot the camera, you must delete the currently installed certificate from Configuration > Security settings.

Procedure

  1. Log on to the Sharp web portal as an Administrator.
  2. Click the Configuration page.
  3. Under Security settings, click Show settings.
  4. From the Security Settings section, click Create self-signed certificate…
  5. Enter the required information for the certificate.
    NOTE:
    • The Server name and IP address are added by default, and will allow you to browse securely using either the machine name or the IP address.
    • You must enter a two-letter Country code. The remaining fields are optional.
    • If you are also using the certificate to connect to the Archiver, the Server name defined in the certificate must be the Sharp IP address, not the Sharp name.
  6. Click OK.
    The system generates the self-signed certificate.
  7. From the Security settings window, click Download self-signed certificate… and select a location to save the generatedcertificate.cer file.
  8. Open the certificate, review the details, and click Install Certificate…
  9. The Certificate Import Wizard prompts you to select a store location. Select Local Machine and click Next.
  10. The wizard prompts you to select the certificate store you want to use. Select Place all certificates in the following store and click Browse.
  11. From the Select Certificate Store window, select Trusted root certification Authorities and click OK.
  12. Click Next to continue, and click Finish to close the Certificate Import Wizard.
    The system displays the message "The import was successful."

    If you see a warning indicating that there is a problem with the website's security certificate, note that for the certificate to be properly registered, you must be logged on as an Administrator on the machine where you want to register the certificate.

  13. Click OK to close the Certificate window.
  14. Click OK to close the Security Settings window.
  15. From the Security settings section in the Sharp portal's Configuration page, select Use HTTPS.
  16. The message You must reboot the Sharp for the changes to take effect is displayed. Click OK.
  17. Click the Save button at the top of the Configuration page.
  18. A message is displayed confirming that the Plate Reader service will be restarted. Click OK.
  19. Click on the Status page. From the Actions section, select Reboot Sharp, and click OK.
  20. When the Sharp has finished rebooting, log in to the Sharp Portal.
    A lock icon () in the browser's address bar indicates that you are now logged on to the Sharp with a secure connection.

After you finish

As a best practice, change your password after configuring the Sharp for HTTPS communication.