manualshive.com logo in svg

Motorola solutions Avigilon VMA-AIA1-CG1, User Manual

Share
Download
Motorola solutions Avigilon VMA-AIA1-CG1 User Manual Download Page 24

Managing Certificates

Trusted certificates are used by the device to authenticate other servers and clients to which it needs to
connect, and to secure those connections. Avigilon provides a self-signed Web Certificate to secure the
connection to the ACC ES Admin Web UI and to the WebEndpoint service, and a set of system-level signed
certificates from well-known trusted CAs to ensure secure connections to any needed servers. Optionally,
you can provide your own certificates and CAs.

The level of security provided by the certificates included with the device should be sufficient for any
organization that does not deploy a Public Key Infrastructure (PKI) on its internal servers.

The certificate management feature on the appliance controls only the appliance web certificate used by
the ACC ES Admin Web UI and the ACC WebEndpoint product. Within the ACC server the certificate
authorities configured by this feature are only used to validate secure email servers used by ACC Email and
Central Station Monitoring features. ACC Server to ACC Server and ACC Server to ACC Client connections
are not controlled or validated using the appliance certificate management feature.

For example, if your organization uses a public email server such as Google Mail, when email notifications
are triggered, ACC accesses the Google Mail server and receives a certificate identifying the Google Mail
server. The ACC software verifies the certificate by confirming the CA that signed the Google Mail
certificate is from the list of well-known trusted CAs, and the connection is secured.

Note:

The signed certificates shipped with the device are the same as those shipped with Mozilla's

browser, and are publicly available from

The Debian Project

The certificates allow SSL-based

applications to check for the authenticity of SSL connections. Avigilon can neither confirm nor deny
whether the certificate authorities whose certificates are included with this appliance have in any
way been audited for trustworthiness or RFC 3647 compliance. Full responsibility to assess them
belongs to the local system administrator.

Organizations that deploy their own PKI can use the Certificates pane of the ACC ES Admin Web UI to
manage certificates on the device.

For example, you can:

l

Replace the default self-signed Web Certificate with your own organization's certificate.

l

Add CAs, such as internal CAs used within your organization, to the device.

l

Disable (and enable) any of the system-level CA certificates.

Replacing the Web Certificate

Manage the device's Web Certificate from the Web Certificate tab on the Certificates pane. The
ACC ES Admin Web UI and the WebEndpoint service use this certificate to authenticate themselves to
devices that connect to them. Only one Web Certificate can be active at any time.

You can replace the default Web Certificate with a custom certificate.

Managing Certificates

20

Summary of Contents for Avigilon VMA-AIA1-CG1

Page 1: ...User Guide Avigilon Artificial Intelligence Appliance VMA AIA1 CG1 and VMA AIA1 CG2 ACC 6 10 and later with firmware releases 3 2 and later...

Page 2: ...ranted with respect to any copyright industrial design trademark patent or other intellectual property rights of Avigilon Corporation or its licensors This document has been compiled and published usi...

Page 3: ...igilon AI Appliance to a Site 10 Configuring the Appliance 11 Launching the ACC ES Admin Web UI 11 Managing ACC Services and Storage 13 Providing Service Logs for Support 13 Rebooting the Device and M...

Page 4: ...Troubleshooting 26 Cannot Discover the Device 26 Network Configuration 26 Checking System Health 26 For More Information 28 iv...

Page 5: ...s how to configure the system after the Avigilon AI Appliance has been powered and is connected the local area network Before You Start Avigilon recommends the use of an uninterruptible power supply U...

Page 6: ...ors on page 18 2 Bezel Must be installed on site 3 Bezel Lock Protects against unauthorized physical access 4 Power button Controls the power supply to the appliance 5 Video connector Accepts a VGA mo...

Page 7: ...6 Power supply Two hot swappable redundant power supply System Requirements Camera Frame Rate The Avigilon AI Appliance can provide analytics for non analytics cameras For optimal analytics performanc...

Page 8: ...for full video analytics processing throughput but up to four network connections are available to accommodate advanced site networking deployments l The Avigilon AI Appliance must be installed with...

Page 9: ...ed in a separate box InstallingtheSlidingRackRailsandCableManagementArm If the Avigilon AI Appliance will be kept in a server rack install the Sliding Rack Rails and the Cable Management Arm CMA provi...

Page 10: ...in Overview on page 2 for the location of the different connectors Make the following connections as required 1 Connect the Avigilon AI Appliance to your network using an Ethernet cable Note It is rec...

Page 11: ...ect status See LED Indicators on page 18 for more information 2 If you are configuring the device with a static IP address connect a DHCP enabled port on your configuring laptop with an Ethernet cable...

Page 12: ...Certificate Authorities CAs that are not provided with the device can be added and the signed certificates from CAs for public servers such as Google Mail that are provided with device can be disable...

Page 13: ...used to configure the device a Connect an Ethernet cable from the device to the corporate network port b Disconnect the configuring laptop from the camera network port 12 Connect the cameras to the Po...

Page 14: ...b lists all the sites that you can access and all the devices that are connected to each site If you do not see the site you want you may need to add the site 2 Locate the ACC site in the list into wh...

Page 15: ...he ACC ES Admin Web UI of your device use one of the following methods l Discovering the Device 1 Open the Network tab in File Explorer Windows or Finder Macintosh to locate the device You are looking...

Page 16: ...he panel provides technical information about your device product name part number serial number and firmware version Use the menu options under Services and System in the Dashboard navigation bar to...

Page 17: ...en you are prompted allow the system to restart Providing Service Logs for Support Use the Logs page to view service logs The logs are typically requested by Avigilon Technical Support to help resolve...

Page 18: ...tor password Note You cannot change the default administrator username on the ACC ES Admin Web UI only the password 1 To change your password confirm your identity by entering your current password in...

Page 19: ...rk connections are supported Any of the network connections can be used to join the Avigilon AI Appliance to an existing ACC site The appliance must be on a network where it can be discovered by the A...

Page 20: ...upport to help resolve an issue By default the page displays 100 warning messages from the Logs Typically Avigilon Technical Support assists you to access and filter the logs on this panel to isolate...

Page 21: ...able or offline The component status is unknown l Analytics Service An icon displays the ACC Analytics Service status The ACC Analytics Service is online The ACC Analytics Service was overloaded at so...

Page 22: ...out of range l fan failure Check that the fans are functioning correctly and the air vents are not blocked Electrical l Blinks orange there is an electrical error Errors include l voltage out of range...

Page 23: ...the LEDs indicate Figure 1 1 The power status indicator LED Indicator Description Off Power is not connected Green Power is supplied Flashing green The firmware update is being applied to the power su...

Page 24: ...es a certificate identifying the Google Mail server The ACC software verifies the certificate by confirming the CA that signed the Google Mail certificate is from the list of well known trusted CAs an...

Page 25: ...does not accept the CSR use the certificate issuer s preferred method to generate the CSR 2 After you receive the crt file containing the new certificate from the certificate issuer save it to a loca...

Page 26: ...nown trusted CAs to the ACC software when it tries to access the mail server The certificate cannot be verified unless a certificate signed by that CA is uploaded to the User Certificate Authorities t...

Page 27: ...ate to the About panel and click Firmware Updates Otherwise from a workstation connected to the Internet navigate to partners avigilon com and download the appropriate Avigilon AI Appliance firmware 2...

Page 28: ...el a firmware upgrade that is in progress only during the upload and verification phase Click Cancel upload before the file has uploaded Note If an error occurs during the upload phase or the upgrade...

Page 29: ...r of the appliance VGA connector for monitor USB connector for keyboard 2 Press the power button on the front of the appliance to powercycle the appliance and start the reboot process The Avigilon log...

Page 30: ...number Note The username and password for the Web Interface application is separate from the administrator username and password for the ACC Server 2 Display the server Setup tab At the top of the win...

Page 31: ...Support Avigilon warranty terms for this product are provided at avigilon com warranty Warranty service and technical support can be obtained by contacting Avigilon Technical Support avigilon com con...

Page 32: ...nformation For additional product documentation and software and firmware upgrades visit avigilon com support Technical Support Contact Avigilon Technical Support at avigilon com contact For More Info...

Reviews:

No comments

Brands by name

Popular brands

Load more brands