Most of our devices have an advanced feature which allows secure communication through the use of HTTPS (HyperText Transfer Protocol Secure). By default, all of our devices are set to HTTP and only requires device credential to gain access. Once connected, the communication is not secure because it's not encrypted with an SSL certificate.
An SSL (Secure Sockets Layer) certificate is a digital certificate that authenticates the identity of a website and encrypts information sent to the server using SSL technology. Encryption is the process of scrambling data into an undecipherable format that can only be returned to a readable format with the proper decryption key.
A certificate serves as an electronic "passport" that establishes an online entity's credentials when viewing our devices on the web. When a user attempts to send confidential information to a device, the user's browser accesses the server's digital certificate and establishes a secure connection.
An SSL certificate contains the following information:
- The certificate holder's name
- The certificate's serial number and expiration date
- A copy of the certificate holder's public key
- The digital signature of the certificate-issuing authority
The first step in creating a certificate is to generate a CSR (Certificate Signing Request).
A CSR or Certificate Signing request is a block of encoded text that is given to a Certificate Authority when applying for an SSL Certificate. It is usually generated on the server where the certificate will be installed and contains information that will be included in the certificate such as the organization name, common name (domain name), locality, and country.
It also contains the public key that will be included in the certificate. A private key is usually created at the same time that you create the CSR, making a key pair.
A Certificate Authority will use a CSR to create your SSL certificate, but it does not need your private key. You need to keep your private key secret. The certificate created with a particular CSR will only work with the private key that was generated with it. So if you lose the private key, the certificate will no longer work.
There are many vendors online that help generates CSR and create SSL certificates such as Godaddy, DigiCert, Symantec, and Globalsign.
On the NVRs', to install the key and the certificate:
1. In the NVR Setup go togo to Network>SSL
2. Choose the type of HTTPS
3. Install the Certificate and the Key
On the cameras, to install the key and the certificate:
1. In the NVR Setup go to Network>HTTPS
2. Choose the type of HTTPS
3. Name the Certificate and Install it and well as the Key