Axis Communications Q7411 Camera Accessories User Manual

AXIS Q7411 Video Encoder
System Options
HTTPS (HyperText Transfer Protocol over Secure Socket Layer, or HTTP over SSL) is a web protocol providing encrypted browsing.
HTTPS can also be used by users and clients to verify that the correct device is being accessed. The security level provided by
HTTPS is considered adequate for most commercial exchanges.
The Axis product can be congured to require HTTPS when users from different user groups (administrator, operator, viewer) log in.
To use HTTPS, an HTTPS certicate must rst be installed. Go to System Options > Security > Certicates to install and manage
certicates. See Certicates on page 49.
To enable HTTPS on the Axis product:
1. Go to System Options > Security > HTTPS
2. Select an HTTPS certicate from the list of installed certicates.
3. Optionally, click Ciphers and select the encryption algorithms to use for SSL.
4. Set the HTTPS Connection Policy for the different user groups.
5. Click Save to enable the settings.
To access the Axis product via the desired protocol, in the address eld in a browser, enter https:// for the HTTPS protocol
and http:// for the HTTP protocol.
The HTTPS port can be changed on the System Options > Network > TCP/IP > Advanced page.
IEEE 802.1X
IEEE 802.1X is a standard for port-based Network Admission Control providing secure authentication of wired and wireless network
devices. IEEE 802.1X is based on EAP (Extensible Authentication Protocol).
To access a network protected by IEEE 802.1X, devices must be authenticated. The authentication is performed by an authentication
server, typically a RADIUS server, examples of which are FreeRADIUS and Microsoft Internet Authentication Service.
In Axis implementation, the Axis product and the authentication server identify themselves with digital certicates using EAP-TLS
(Extensible Authentication Protocol - Transport Layer Security). The certicates are provided by a Certication Authority (CA).
You need:
a CA certicate to authenticate the authentication server.
a CA-signed client certicate to authenticate the Axis product.
To create and install certicates, go to System Options > Security > Certicates. See Certicates on page 49. Many CA certicates
are preinstalled.
To allow the product to access a network protected by IEEE 802.1X:
1. Go to System Options > Security > IEEE 802.1X.
2. Select a CA Certicate and a Client Certicate from the lists of installed certicates.
3. Under Settings, select the EAPOL version and provide the EAP identity associated with the client certicate.
4. Check the box to enable IEEE 802.1X and click Save.
For authentication to work properly, the date and time settings in the Axis product should be synchronized with an NTP
server. See Date & Time on page 49.