AXIS P3384–V Fixed Dome Network Camera
System Options
2. Select an HTTPS certificate from the list of installed certificates.
3. Optionally, click
Ciphers
and select the encryption algorithms to use for SSL.
4. Set the
HTTPS Connection Policy
for the different user groups.
5. Click
Save
to enable the settings.
To access the Axis product via the desired protocol, enter
https://
or
http://
in the address field in a browser.
The HTTPS port can be changed on the
System Options > Network > TCP/IP > Advanced
page.
IEEE 802.1X
IEEE 802.1X is a standard for port-based Network Admission Control providing secure authentication of wired and wireless network
devices. IEEE 802.1X is based on EAP (Extensible Authentication Protocol).
To access a network protected by IEEE 802.1X, devices must authenticate themselves. The authentication is performed by a
third-party entity called an authentication server, typically a
RADIUS server
, examples of which are FreeRADIUS and Microsoft
Internet Authentication Service.
In Axis' implementation, the network device and the authentication server authenticate themselves with the help of digital
certificates using EAP-TLS (Extensible Authentication Protocol - Transport Layer Security). The certificates are provided by an
Certification Authority
(CA). You need:
•
a CA certificate to validate the identity of the authentication server
•
a CA-signed client certificate and a private key to authenticate the network device.
To allow the network device to access a network protected by IEEE 802.1X:
1. Obtain a CA certificate, a client certificate and a client private key (contact your network administrator).
2. Go to
Setup > System Options > Security > IEEE 802.1X
and upload the CA certificate, the client certificate and the
client private key.
3. Under
Settings
, select the EAPOL version, provide your EAP identity and private key password.
4. Check the box to enable IEEE 802.1X and click
Save
.
Certificates
CA Certificate
The CA certificate is used to validate the identity of the authentication server. Enter the path to
the certificate directly, or locate the file using the
Browse
button. Then click
Upload
. To remove
a certificate, click
Remove
.
Client certificate
Client private key
The client certificate and private key are used to authenticate the network device. They can be
uploaded as separate files or in one combined file (e.g. a PFX file or a PEM file). Use the
Client
private key
field if uploading one combined file. For each file, enter the path to the file, or locate the
file using the
Browse
button. Then click
Upload
. To remove a file, click
Remove
.
Settings
EAPOL version
Select the EAPOL version (1 or 2) as used in your network switch.
EAP identity
Enter the user identity (maximum 16 characters) associated with your certificate.
Private key password
Enter the password (maximum 16 characters) for the private key.
Enable IEEE 802.1X
Check the box to enable the IEEE 802.1X protocol.
45