Generating a CRT key (SSL encryption key)
[CRT key generate]
<NOTE>
• A CRT key cannot be generated when self-signed certificates and
server certificates are enabled.
• The size of the key that can be used by the Certificate Authority (CA)
differs when using a server certificate. Confirm in advance the the size
of the key that can be used.
• Generating a CRT key takes about 1 minute for 1024 bit and about 2
minutes for 2048 bit. Do not operate the web browser until CRT key
generation is complete. Image display and communication speed may
reduce while generating a CRT key.
1.
Click the [Execute] button in [CRT key generate].
The [Current CRT key] dialog is displayed.
2.
The size of the generated CRT key is selected from
[1024bit]/[2048bit] in [CRT key generate] – [RSA key size].
<NOTE>
• When using a server certificate, the RSA key size must be in
accordance with the demands of the Certificate Authority (CA) which
will be applied to.
3.
Click the [Execute] button.
CRT key generation starts.
The length of the generated CRT key and the date/time that
generation completed are displayed in [Current CRT key] when CRT
key generation finishes.
<NOTE>
• Perform procedures 1 to 3 to change (update) the generated CRT
key. Because the CRT key, self-signed certificate and server
certificate are enabled as a set, it will be necessary to once again
generate a self-signed certificate or apply for a server certificate
when the CRT key is changed.
• When the CRT key is changed, previous CRT keys are historically
managed one at a time. Clicking the [History] button in the [CRT
key] of the [Current CRT key] dialog displays the [Previous CRT
key] dialog, allowing confirmation of the key size and the date and
time generation was completed.
Clicking the [Apply] button in [Previous CRT key] allows the
previous CRT key to be switched to the current CRT key.
Generating a self‑signed certificate (security
certificate)
[Self‑signed Certificate ‑ Generate]
<NOTE>
• A self-signed certificate cannot be generated when a CRT key has not
been generated.
1.
Click the [Execute] button in [Self‑signed Certificate] ‑
[Generate].
[Self-signed Certificate - Generate] is displayed.
2.
Input information relating to the certificate to be
generated.
Items to be entered are as follows.
Item
Description
Maximum number
of characters
Common Name
Inputs the camera address
or host name.
64 characters
Country
Inputs the country code.
(May be omitted)
2 characters:
country code
State
Inputs the name of the state.
(May be omitted)
128 characters
Locality
Inputs the name of the city.
(May be omitted)
128 characters
Organization
Inputs the name of the
organization.
(May be omitted)
64 characters
Organizational Unit
Inputs the name of the
organizational unit.
(May be omitted)
64 characters
CRT key
Displays the size of the
current CRT key and the
date and time generation
was completed.
<NOTE>
• Characters that can be input for [Common Name], [Country], [State],
[Locality], [Organization], [Organizational Unit] are 0 to 9, A to Z,
a to z, and the following symbols: -. _ , + / ( ).
• When connecting the camera to the Internet, set the address or
host name to be accessed from the Internet in [Common Name]. In
this case, when accessing the camera locally, a security warning
screen is displayed every time the camera is accessed even when a
security certificate is installed.
• When inputting the IPv6 address in [Common Name], surround the
address with [ ].
e.g. [2001:db8::10]
148
149
Web screen configurations (continued)