AXIS M1143–L

System Options

Certificates

 

CA Certificate

The CA certificate is used to validate the identity of the authentication server. Enter the path to

 

the certificate directly, or locate the file using the Browse button. Then click Upload. To remove

 

a certificate, click Remove.

Client certificate

The client certificate and private key are used to authenticate the network device. They can be

Client private key

uploaded as separate files or in one combined file (e.g. a PFX file or a PEM file). Use the Client

 

private key field if uploading one combined file. For each file, enter the path to the file, or locate the

 

file using the Browse button. Then click Upload. To remove a file, click Remove.

Settings

 

EAPOL version

Select the EAPOL version (1 or 2) as used in your network switch.

EAP identity

Enter the user identity (maximum 16 characters) associated with your certificate.

Private key password

Enter the password (maximum 16 characters) for the private key.

Enable IEEE 802.1X

Check the box to enable the IEEE 802.1X protocol.

IEEE 802.1X

IEEE 802.1X is a standard for port-based Network Admission Control providing secure authentication of wired and wireless network devices. IEEE 802.1X is based on EAP (Extensible Authentication Protocol).

To access a network protected by IEEE 802.1X, devices must be authenticated. The authentication is performed by an authentication server, typically a RADIUS server, examples of which are FreeRADIUS and Microsoft Internet Authentication Service.

In Axis implementation, the Axis product and the authentication server identify themselves with digital certificates using EAP-TLS (Extensible Authentication Protocol - Transport Layer Security). The certificates are provided by a Certification Authority (CA). You need:

a CA certificate to authenticate the authentication server

a CA-signed client certificate to authenticate the Axis product.

To create and install certificates, go to System Options > Security > Certificates. See Certificates on page 35. Many CA certificates are preinstalled.

To allow the product to access a network protected by IEEE 802.1X:

1.Go to System Options > Security > IEEE 802.1X.

2.Select a CA Certificate and a Client Certificate from the lists of installed certificates.

3.Under Settings, select the EAPOL version and provide the EAP identity associated with the client certificate.

4.Check the box to enable IEEE 802.1X and click Save.

Note

For authentication to work properly, the date and time settings in the Axis product should be synchronized with an NTP server. See Date & Time on page 36.

Certificates

Certificates are used to authenticate devices on a network. Typical applications include encrypted web browsing (HTTPS), network protection via IEEE 802.1X and secure upload of images and notification messages for example via email. Two types of certificates can be used with the Axis product:

Server/Client certificates - to authenticate the Axis product

35

Page 34 Page 36
Page 35
Image 35
Axis Communications axis user manual Certificates
Page 34 Page 36
Top Page Image Contents