Encrypting connection to the SharpOS 12.7 Portal using a signed certificate - SharpV | SharpOS 12.7

AutoVu Handbook for SharpV Fixed Installations 12.7

series
SharpV | SharpOS 12.7
revised_modified
2019-08-21

You can secure the SharpV Portal connection by configuring the camera in secure HTTP mode (HTTPS) using a certificate that has been signed by a trusted certificate authority. A certificate must be installed on workstations that must connect to the Sharp Portal and on the server hosting the Archiver role.

Before you begin

  • Read about why the connection to the SharpV Portal should be encrypted.
    IMPORTANT: If your Security Center version is 5.3 SR3 or higher, if you want to add the SharpV to the Archiver using HTTPS, you must modify the Archiver's HTTPS options using the instructions in the Knowledge Base article KBA01405.
  • Configure the camera's network configuration to use a static IP address before you install a certificate.
    NOTE: IPv6 static addresses are not supported.

What you should know

  • Your organization's security policy might require that you install either the camera's auto-generated self-signed certificate, or a signed certificate from a trusted certificate authority.
  • You can access the Sharp Portal without installing a certificate, but the browser will indicate that the site is not trusted.
  • If a certificate signature is issued by a certificate authority that is not included in the list of Windows of third-party root certificate authorities (CA), or if your organization has its own public key infrastructure (PKI) which manages signatures, you must add the CA to the platform software running on the SharpV so that the host can validate the chain of trust. For more information, see KBA-78971: Adding a certificate to a pre-12.8 SharpV from an unknown certificate authorityon the Genetecâ„¢ TechDoc Hub.
  • You can install multiple certificates and then select a certificate to activate.
    IMPORTANT: If the current certificate is a signed certificate, deleting the certificate signing request prevents the certificate from being reinstalled.
  • If the IP address of the SharpV changes, you must request a new certificate from the signing authority and install the new certificate.

Procedure

  1. Log on to the SharpV Portal.
  2. From the Configuration menu, select the Security page.
  3. Click + Signing request.
  4. Enter the required information for the certificate signing request and click OK.
    NOTE:
    • The "Country" field requires a two-letter country code.
    • If you are also using the certificate to connect to the Archiver, the Sharp's common name defined in the certificate must be the SharpV IP address, not the SharpV name.
    The message Operation succeeded is displayed and the signing request is added to the certificate list with not signed displayed for the Issuer.
  5. Click on the certificate to display the Certificate details.
  6. Click Copy to clipboard.
  7. Send the certificate signing request to a certificate authority.
    IMPORTANT: Do not delete the signing request if it has been used to request a certificate.

    You will receive an SSL certificate signed by the certificate authority.

  8. In the Certificate Details window, click Install signed certificate then browse to the certificate location and click Open.
  9. Click Save.
    The system displays the message "Installed signed certificate... successful".
  10. Refresh the browser (F5).
    The certificate is displayed in the Certificate list.
  11. Select the Active check box for the certificate and click Save and Reboot.
  12. Close all web browsers and open the Windows Task Manager to ensure that no browser processes are running in the background.
  13. Log on to the Sharp Portal. You are automatically logged on in HTTPS mode.
    A lock icon () in the browser's address bar indicates that you are now logged on to the SharpV with a secure connection.