Filter
Top Products
AXIS 215 PTZ/AXIS 215 PTZ-E - System Options
28
1. Click either Create self-signed certificate or Create Certificate Request and enter the required
information in the provided fields.
2. Click OK.
3. Create self-signed certificate generates and installs a certificate which will be displayed under Installed
Certificate.
Create Certificate Request generates a PEM formatted request which you copy and send to a CA for
signing. When the signed certificate is returned, click Install signed certificate... to install the certificate
in the AXIS 215 PTZ/AXIS 215 PTZ-E.
4. Set the HTTPS Connection Policy for the administrator, Operator and Viewer to enable HTTPS connection
(set to HTTP by default)
Please refer to the home page of your preferred CA for information on where to send the request etc. For more
information, please refer to the online help files
802.1X - Network Admission Control
IEEE 802.1X is an IEEE standard for port-based Network Admission Control. It provides authentication to
devices attached to a network port (wired or wireless), establishing a point-to-point connection, or, if
authentication fails, preventing access on that port. 802.1X is based on EAP (Extensible Authentication
Protocol).
In an 802.1X enabled network switch, clients equipp
ed with the correct software can be authenticated and
allowed or denied network access at the Ethernet level.
Clients and servers in an 802.1X network
may need to authenticate each other by some means. In the Axis
implementation this is done with the help of digital certificates provided by a Certification Authority. These are
then validated by a third-party entity, such as a RADIUS server, examples of which are Free Radius and
Microsoft Internet Authentication Service.
To perform the authentication, the RADIUS server uses various EAP methods/protocols, of
which there are
many. The one used in the Axis implementation is EAP-TLS (EAP-Transport Layer Security).
The AXIS network video device presents it
s certificate to the network switch, which in turn forwards this to the
RADIUS server. The RADIUS server validates or rejects the certificate and responds to the switch, and sends its
own certificate to the client for validation. The switch then allows or denies network access accordingly, on a
pre-configured port.
The authentication process
1. A CA server provides the required signed certificates.
2. The Axis video device requests access to the protected network at the network switch. The switch
forwards the video device’s CA certificate to the RADIUS server, which then replies to the switch.
3. The switch forwards the RADIUS server’s CA certificate to the video device, which also replies to the
switch.
4. The switch keeps track of all responses to the validation requests. If all certificates are validated, the
Axis video device is allowed access to the protected network via a pre-configured port.
RADIUS (Re
mote Authentication Dial In User Service) - AAA (Authentication, Authorization and Accounting)
protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming
situations.
CA servers - In cryptog
raphy, a Certification Authority (CA) is an entity that provides signed digital certificates
for use by other parties, thus acting a trusted third party. There are many commercial CA’s that charge for their
services. Institutions and governments may have their own CA, and there are free CA’s available.