Encrypting connection to the SharpOS 11.8 Portal using a signed certificate - SharpOS 11.8

Sharp Administrator Guide 11.8

series
SharpOS 11.8
revised_modified
2020-04-22

You can secure the Sharp Portal and Archiver connection by configuring it in secure HTTP mode (HTTPS) using a certificate that has been signed by a trusted certificate authority.

Before you begin

  • If you already have a certificate installed, you must delete it and then restart the Sharp.
  • Read about why the connection to the Sharp Portal should be encrypted.
  • IMPORTANT: If your Security Center version is 5.3 SR3 or higher, if you want to add the Sharp unit to the Archiver using HTTPS, you must modify the Archiver's HTTPS options using the instructions in the Knowledge Base article KBA01405.

What you should know

  • The first time you log on to the Sharp web portal, the system logs you on using HTTP mode (no certificate). Your organization's security policy might require that you configure either a self-signed certificate or a signed certificate from a trusted certificate authority.
  • To install a certificate on a client machine, you require Administrator rights.
  • You must install the certificate on all machines that communicate with the SharpV camera, which includes the LPR Manager, the Archiver, and all machines that connect to the web portal
  • To install a certificate, the camera must be in HTTP mode and any existing certificate must be deleted. If a certificate is already installed, you must clear the Use HTTPS check box in Configuration > Security settings. After you reboot the camera, you must delete the currently installed certificate from Configuration > Security settings.

Procedure

  1. Log on to the Sharp web portal as an Administrator.
  2. Click the Configuration page.
  3. Under Security settings, click Show settings.
  4. From the Security Settings section, click Create a certificate signing request...
  5. Enter the required information for the certificate.
    NOTE:
    • The Server name and IP address are added by default, and will allow you to browse securely using either the machine name or the IP address.
    • You must enter a two-letter Country code. The remaining fields are optional.
    • If you are also using the certificate to connect to the Archiver, the Server name defined in the certificate must be the Sharp IP address, not the Sharp name.
  6. Click OK.
    The system generates the signing request.
  7. From the Security settings window, click Show request…
  8. In the Certificate signing request window, copy the text string in the Certificate signing request (including the “----BEGIN NEW CERTIFICATE----”) to your clipboard.
  9. Send the Certificate signing request to a certificate authority.

    You will receive an SSL certificate signed by the certificate authority.

    NOTE: If your certificate authority is not recognized by Windows, when you log on to the Sharp Portal, you will receive a warning saying there is a problem with the website’s security certificate. You can disregard the warning (rest assured the connection is encrypted), or install the certificate on the client machine.
  10. After you have received the signed certificate, return to the Security settings window, click Install certificate..., then select your signed certificate.

    If the certificate is successfully installed, you receive the message: Installation complete. Save the configuration and the reboot the Sharp. Click OK.

    NOTE:

    The certificate appears in the Security settings window.

  11. Click OK.
  12. From the Security settings section in the Sharp portal's Configuration page, select Use HTTPS.
  13. The message You must reboot the Sharp for the changes to take effect is displayed. Click OK.
  14. Click the Save button at the top of the Configuration page.
  15. A message is displayed confirming that the Plate Reader service will be restarted. Click OK.
  16. Click on the Status page. From the Actions section, select Reboot Sharp, and click OK.
  17. Log on to the Sharp Portal using HTTPS in the address bar instead of HTTP.
    A lock icon () in the browser's address bar indicates that you are now logged on to the Sharp with a secure connection.

After you finish

As a best practice, change your password after configuring the Sharp for HTTPS communication.