Applies to: NVR, HTTPS Services
Summary:
Most of our devices have an advanced feature that allows secure communication over HTTPS (Hypertext Transfer Protocol Secure). By default, all of our devices are set to HTTP and require only device credentials for access. You can choose a secure connection system or install a certificate.
Explanation of Behavior:
Setup > Network > HTTPS (Figure 1)
Figure 1
● Secure connection system: You can select a type of secure connection system based on the service environment and the security level.
HTTPS (Hypertext Transfer Protocol Secure) is a more secure version of HTTP that encrypts and decrypts the user's page requests using TLS (Transport Layer Security).
- HTTP (Does not use a secure connection): Transmits data without encryption.
- HTTPS (Secure connection mode using a unique certificate): Establishes a secure connection using a unique certificate provided by the recorder.
Note:
■ Mutual authentication: Mutual authentication can be performed to enhance security. If you select <Allow all connections>, you can access the storage device even if mutual authentication is not performed. If you select <Allow only mutually authenticated connections>, you can access the storage device only when mutual authentication was successful.
- HTTPS (Secure connection mode using the public certificate): This mode establishes a secure connection using a public certificate. You can select this after installing a public certificate.
● TLS settings: You can select the Cipher mode or TLS version for encrypted communication.
- Cipher mode: Cipher suites are provided by combining different algorithms for use in TLS-encrypted communications, such as key exchange, authentication, and encryption.
- <Secure cipher suites only> uses only high-security cipher suites.
- For backward compatibility, select <All compatible cipher suites>. However, security may be weaker, because this option includes all cipher suites, whether secure or not.
- Version: You can select the TLS protocol version to use for encrypted communication.
■ If <Cipher mode> is set as <Secure cipher suites only>, you can select only <TLS 1.2> or <TLS 1.3>.
■ If the recorder is connected to the external internet or installed in an environment with high priority for security, making a secure connection is recommended.
● Install a public certificate: You can scan and register a public certificate to be installed. To install a certificate, you must install a certificate file or key file issued by a certificate authority. Click <install> to register the certificate.
■ You cannot install or delete a public certificate in the <HTTPS (Secure connection mode using the public certificate)> mode. Change to <HTTP (Does not use a secure connection)> or <HTTPS (Secure connection mode using a unique certificate)> mode before proceeding.
■ The certificate file must use the .crt extension and the key file must use the .key extension.
■ Certificate and key files must be in PEM format, generated with RSA (2048 or higher recommended) or ECC.
■ Use PKCS#1 or PKCS#8 without a password for certificate and key files.
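The file requirements above can be checked before upload. This is an added example, not a vendor tool; `check_upload`, `rsa_bits` and `sample_pkcs1` are hypothetical names, and flagging SEC1 `EC PRIVATE KEY` files is an assumption based on the page listing only PKCS#1 and PKCS#8.

```python
import base64, binascii, re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)
KEY_LABELS = {"RSA PRIVATE KEY", "PRIVATE KEY", "ENCRYPTED PRIVATE KEY", "EC PRIVATE KEY"}

def _tlv(buf, pos):
    """Read the DER element at pos; return (value_start, value_end)."""
    n, pos = buf[pos + 1], pos + 2
    if n & 0x80:                                  # long-form length
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return pos, pos + n

def rsa_bits(der):
    """Modulus size in bits of a PKCS#1 RSAPrivateKey structure."""
    pos, _ = _tlv(der, 0)                         # enter outer SEQUENCE
    _, pos = _tlv(der, pos)                       # skip version INTEGER
    start, end = _tlv(der, pos)                   # modulus INTEGER
    return int.from_bytes(der[start:end], "big").bit_length()

def check_upload(filename, text):
    """Return a list of problems; an empty list means the file passes."""
    m = PEM_RE.search(text)
    if not m:
        return ["not PEM: no BEGIN/END block (DER or other binary?)"]
    label, body = m.groups()
    if label != "CERTIFICATE" and label not in KEY_LABELS:
        return [f"unexpected PEM label {label!r}"]
    ext = ".crt" if label == "CERTIFICATE" else ".key"
    problems = [] if filename.lower().endswith(ext) else [f"extension must be {ext}"]
    if label == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in body:
        return problems + ["key is password-protected; export it without a password"]
    if label == "EC PRIVATE KEY":   # assumption: page lists only PKCS#1/PKCS#8
        problems.append("SEC1 key is neither PKCS#1 nor PKCS#8; convert to PKCS#8")
    try:
        der = base64.b64decode("".join(body.split()), validate=True)
        bits = rsa_bits(der) if label == "RSA PRIVATE KEY" else None
    except (binascii.Error, IndexError):
        return problems + ["PEM body is not valid base64/DER (truncated copy?)"]
    if bits is not None and bits < 2048:
        problems.append(f"RSA key is {bits} bits; 2048 or higher recommended")
    return problems

def sample_pkcs1(bits):
    """Constructed, structure-only PKCS#1 PEM (not a usable key) for the demo."""
    n = (1 << (bits - 1) | 1).to_bytes(bits // 8 + 1, "big")   # DER sign pad
    body = b"\x02\x01\x00\x02\x82" + len(n).to_bytes(2, "big") + n
    der = b"\x30\x82" + len(body).to_bytes(2, "big") + body
    pem = base64.encodebytes(der).decode()
    return f"-----BEGIN RSA PRIVATE KEY-----\n{pem}-----END RSA PRIVATE KEY-----\n"
```

Calling `check_upload("nvr.pem", sample_pkcs1(1024))` reports both the wrong extension and the short RSA modulus. The size check covers PKCS#1 RSA keys only; PKCS#8 keys are checked for format and password protection.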