Loading ...
Loading ...
Loading ...
AXISS3008MkIIRecorder
Thewebinterface
Certicatesareusedtoauthenticatedevicesonanetwork.Thedevicesupportstwotypesofcerticates:
•Client/servercerticates
Aclient/servercerticatevalidatesthedevice’sidentity,andcanbeself-signedorissuedbyaCerticateAuthority(CA).
Aself-signedcerticateofferslimitedprotectionandcanbeusedbeforeaCA-issuedcerticatehasbeenobtained.
•CAcerticates
YoucanuseaCAcerticatetoauthenticateapeercerticate,forexampletovalidatetheidentityofanauthentication
serverwhenthedeviceconnectstoanetworkprotectedbyIEEE802.1X.Thedevicehasseveralpre-installedCA
certicates.
Theseformatsaresupported:
•Certicateformats:.PEM,.CER,and.PFX
•Privatekeyformats:PKCS#1andPKCS#12
Important
Ifyouresetthedevicetofactorydefault,allcerticatesaredeleted.Anypre-installedCAcerticatesarereinstalled.
Filterthecerticatesinthelist.
Addcerticate:Clicktoaddacerticate.
•More:Showmoreeldstollinorselect.
•Securekeystore:SelecttouseSecureelementorTrustedPlatformModule2.0tosecurelystoretheprivatekey.For
moreinformationonwhichsecurekeystoretoselect,gotohelp.axis.com/en-us/axis-os#cryptographic-support.
•Keytype:Selectthedefaultoradifferentencryptionalgorithmfromthedrop-downlisttoprotectthecerticate.
Thecontextmenucontains:
•Certicateinformation:Viewaninstalledcerticate’sproperties.
•Deletecerticate:Deletethecerticate.
•Createcerticatesigningrequest:Createacerticatesigningrequesttosendtoaregistrationauthoritytoapply
foradigitalidentitycerticate.
Securekeystore
:
•Secureelement(CCEAL6+):Selecttousesecureelementforsecurekeystore.
•TrustedPlatformModule2.0(CCEAL4+,FIPS140-2Level2):SelecttouseTPM2.0forsecurekeystore.
IEEE802.1x
IEEE802.1xisanIEEEstandardforport-basednetworkadmissioncontrolprovidingsecureauthenticationofwiredandwireless
networkdevices.IEEE802.1xisbasedonEAP(ExtensibleAuthenticationProtocol).
ToaccessanetworkprotectedbyIEEE802.1x,networkdevicesmustauthenticatethemselves.Theauthenticationisperformedby
anauthenticationserver,typicallyaRADIUSserver(forexample,FreeRADIUSandMicrosoftInternetAuthenticationServer).
Certicates
WhenconguredwithoutaCAcerticate,servercerticatevalidationisdisabledandthedevicetriestoauthenticateitself
regardlessofwhatnetworkitisconnectedto.
Whenusingacerticate,inAxis'implementation,thedeviceandtheauthenticationserverauthenticatethemselveswithdigital
certicatesusingEAP-TLS(ExtensibleAuthenticationProtocol-TransportLayerSecurity).
Toallowthedevicetoaccessanetworkprotectedthroughcerticates,youmustinstallasignedclientcerticateonthedevice.
Clientcerticate:SelectaclientcerticatetouseIEEE802.1x.Theauthenticationserverusesthecerticatetovalidatethe
client’sidentity.
12
Loading ...
Loading ...
Loading ...