AXISP3363–VNetworkCamera
SystemOptions
Certicates
CACerticateTheCAcerticateisusedtovalidatetheidentityoftheauthenticationserver.Enterthepathto
thecerticatedirectly,orlocatetheleusingtheBrowsebutton.ThenclickUpload.Toremove
acerticate,clickRemove.
Clientcerticate
Clientprivatekey
Theclientcerticateandprivatekeyareusedtoauthenticatethenetworkdevice.Theycanbe
uploadedasseparatelesorinonecombinedle(e.g.aPFXleoraPEMle).UsetheClient
privatekeyeldifuploadingonecombinedle.Foreachle,enterthepathtothele,orlocatethe
leusingtheBrowsebutton.ThenclickUpload.Toremoveale,clickRemove.
Settings
EAPOLversionSelecttheEAPOLversion(1or2)asusedinyournetworkswitch.
EAPidentityEntertheuseridentity(maximum16characters)associatedwithyourcerticate.
PrivatekeypasswordEnterthepassword(maximum16characters)fortheprivatekey.
EnableIEEE802.1XChecktheboxtoenabletheIEEE802.1Xprotocol.
IEEE802.1X
IEEE802.1Xisastandardforport-basedNetworkAdmissionControlprovidingsecureauthenticationofwiredandwirelessnetwork
devices.IEEE802.1XisbasedonEAP(ExtensibleAuthenticationProtocol).
ToaccessanetworkprotectedbyIEEE802.1X,devicesmustbeauthenticated.Theauthenticationisperformedbyanauthentication
server,typicallyaRADIUSserver,examplesofwhichareFreeRADIUSandMicrosoftInternetAuthenticationService.
InAxisimplementation,theAxisproductandtheauthenticationserveridentifythemselveswithdigitalcerticatesusingEAP-TLS
(ExtensibleAuthenticationProtocol-TransportLayerSecurity).ThecerticatesareprovidedbyaCerticationAuthority(CA).
Youneed:
aCAcerticatetoauthenticatetheauthenticationserver
aCA-signedclientcerticatetoauthenticatetheAxisproduct.
Tocreateandinstallcerticates,gotoSystemOptions>Security>Certicates.SeeCerticates,onpage43.ManyCAcerticates
arepreinstalled.
ToallowtheproducttoaccessanetworkprotectedbyIEEE802.1X:
1.GotoSystemOptions>Security>IEEE802.1X.
2.SelectaCACerticateandaClientCerticatefromthelistsofinstalledcerticates.
3.UnderSettings,selecttheEAPOLversionandprovidetheEAPidentityassociatedwiththeclientcerticate.
4.ChecktheboxtoenableIEEE802.1XandclickSave.
Note
Forauthenticationtoworkproperly,thedateandtimesettingsintheAxisproductshouldbesynchronizedwithanNTP
server.SeeDate&Time,onpage44.
Certicates
Certicatesareusedtoauthenticatedevicesonanetwork.Typicalapplicationsincludeencryptedwebbrowsing(HTTPS),network
protectionviaIEEE802.1Xandsecureuploadofimagesandnoticationmessagesforexampleviaemail.Twotypesofcerticates
canbeusedwiththeAxisproduct:
Server/Clientcerticates-toauthenticatetheAxisproduct
43