AXIS M1114–E
System Options
2. Select an HTTPS certi
fi
cate from the list of installed certi
fi
cates.
3. Optionally, click
Ciphers
and select the encryption algorithms to use for SSL.
4. Set the
HTTPS Connection Policy
for the different user groups.
5. Click
Save
to enable the settings.
To access the Axis product via the desired protocol, enter
https://
or
http://
in the address
fi
eld in a browser.
The HTTPS port can be changed on the
System Options > Network > TCP/IP > Advanced
page.
IEEE 802.1X
IEEE 802.1X is a standard for port-based Network Admission Control providing secure authentication of wired and wireless network
devices. IEEE 802.1X is based on EAP (Extensible Authentication Protocol).
To access a network protected by IEEE 802.1X, devices must be authenticated. The authentication is performed by an authentication
server, typically a
RADIUS server
, examples of which are FreeRADIUS and Microsoft Internet Authentication Service.
In Axis implementation, the Axis product and the authentication server identify themselves with digital certi
fi
cates using EAP-TLS
(Extensible Authentication Protocol - Transport Layer Security). The certi
fi
cates are provided by a
Certi
fi
cation Authority
(CA).
You need:
• a CA certi
fi
cate to authenticate the authentication server
• a CA-signed client certi
fi
cate to authenticate the Axis product.
To create and install certi
fi
cates, go to
System Options > Security > Certi
fi
cates
. See
Certi
fi
cates, on page 32
. Many CA certi
fi
cates
are preinstalled.
To allow the product to access a network protected by IEEE 802.1X:
1. Go to
System Options > Security > IEEE 802.1X
.
2. Select a
CA Certi
fi
cate
and a
Client Certi
fi
cate
from the lists of installed certi
fi
cates.
3. Under
Settings
, select the EAPOL version and provide the EAP identity associated with the client certi
fi
cate.
4. Check the box to enable IEEE 802.1X and click
Save
.
Note
For authentication to work properly, the date and time settings in the Axis product should be synchronized with an NTP
server. See
Date & Time, on page 33
.
Certi
fi
cates
Certi
fi
cates are used to authenticate devices on a network. Typical applications include encrypted web browsing (HTTPS), network
protection via IEEE 802.1X and secure upload of images and noti
fi
cation messages for example via email. Two types of certi
fi
cates
can be used with the Axis product:
Server/Client certi
fi
cates -
to authenticate the Axis product
CA certi
fi
cates -
to authenticate peer certi
fi
cates, for example the certi
fi
cate of an authentication server in case the Axis product is
connected to an IEEE 802.1X protected network.
Note
Installed certi
fi
cates, except preinstalled CA certi
fi
cates, will be deleted if the product is reset to factory default. Preinstalled
CA certi
fi
cates that have been deleted will be reinstalled.
A
Server/Client
certi
fi
cate can be self-signed or issued by a Certi
fi
cate Authority (CA). A self-signed certi
fi
cate offers limited
protection and can be used before a CA-issued certi
fi
cate has been obtained.
32
