2020 R1Archive
  • All Files

This page is not yet available in your language.

Enable encryption

Enable encryption to clients and servers

You can encrypt connections from the recording server to clients and servers that stream data from the recording server. For more information, see Secure communication (explained).

ClosedRequirements:
  • A server authentication certificate is trusted on all computers running services that retrieve data streams from the recording server
  • XProtect Smart Client and all services that retrieve data streams from the recording server must be upgraded to version 2019 R1 or later
  • Some third-party solutions created using MIP SDK versions earlier than 2019 R1 may need to be updated

Steps:

  1. On the computer that runs the recording server, right-click the Recording Server Manager icon in the notification area.
  2. Select Stop Recording Server service.
  3. Right-click the Recording Server Manager icon again and select Change Settings.

    The Recording Server Settings window appears.

  4. At the bottom, specify encryption settings for the recording server:


    • Encrypt connections from clients and servers that retrieve data streams from the recording server: Before you enable encryption, read the requirements listed in this topic
    • Select a certificate: Contains a list of unique subject names of certificates installed on the local computer in the Windows Certificate Store that has a private key.

      The recording server service user has been given access to the private key. It is required that this certificate is trusted on all clients.

    • Details: Click to view Windows Certificate Store information about the selected certificate

  5. Click OK.
  6. To start the Recording Server service again, right-click the Recording Server icon and select Start Recording Server service.

Stopping the Recording Server service means that you cannot record and view live video while you are verifying or changing the recording server's basic configuration.

To verify if the recording server uses encryption, see View encryption status to clients.

Enable encryption to the management server

You can encrypt the two-way connection between the management server and the recording server. If your system contains multiple recording servers, you must enable encryption on all the recording servers. For more information, see Secure communication (explained).

ClosedRequirements:
  • A server authentication certificate is trusted on all recording servers

  • All recording servers must be upgraded to version 2019 R1 or later

First you enable encryption on the management server.

Steps:

  1. On the computer that runs the management server, right-click the Management Server Manager icon in the notification area.
  2. Select Management Server service.
  3. Right-click the Management Server Manager icon again and select Change encryption settings.

    The Management server encryption settings window appears.

  4. Specify encryption settings for the recording server:
    • Encrypt connections from the recording servers to the management server: Before you enable encryption, read the requirements listed in this topic
    • Select a certificate: Contains a list of unique subject names of certificates installed on the local computer in the Windows Certificate Store that has a private key, and the CA certificate must be trusted on the management server.
    • Details: Click to view Windows Certificate Store information about the selected certificate
  5. Click OK.
  6. To start the Management Server service again, right-click the Management Server Manager icon and select Start Management Server service.

To complete the enabling of encryption, next step is to update the encryption settings on each recording server. For more information, see Enable encryption from the management server.

Enable encryption from the management server

You can encrypt the two-way connection between the management server and the recording server. If your system contains multiple recording servers, you must enable encryption on all the recording servers. For more information, see Secure communication (explained).

ClosedRequirements:
  • A server authentication certificate is trusted on the management server
  • All recording servers must be upgraded to version 2019 R1 or later
  • You have enabled encryption on the management server, see Enable encryption to the management server

Steps:

  1. On the computer that runs the recording server, right-click the Recording Server Manager icon in the notification area.
  2. Select Stop Recording Server service.
  3. Right-click the Recording Server Manager icon again and select Change Settings.

    The Recording Server Settings window appears.

  4. At the bottom, specify encryption settings for the recording server:


    • Encrypt connections from the management server to the recording server: Before you enable encryption, read the requirements listed in this topic
    • You can select the Use one configuration for all server option, if you use the same certificate on all the servers.
    • Select a certificate: Contains a list of unique subject names of certificates installed on the local computer in the Windows Certificate Store that has a private key.
    • Details: Click to view Windows Certificate Store information about the selected certificate

  5. Click OK.
  6. In the Register on the management server dialog box, enter the address of the management server that you want the recording server to connect to and click OK. Default port number is 443.
  7. Enter the user name and password of a system administrator of XProtect and click OK.
  8. To start the Recording Server service again, right-click the Recording Server icon and select Start Recording Server service.

Stopping the Recording Server service means that you cannot record and view live video while you are verifying or changing the recording server's basic configuration.

Enable encryption on the mobile server

To use an HTTPS protocol for establishing secure connection between the mobile server and clients and services, you must apply a valid certificate on the server. The certificate confirms that the certificate holder is authorized to establish secure connections. For more information, see Mobile server data encryption (explained) and Mobile server encryption requirements for clients.

Certificates issued by CA (Certificate Authority) have a chain of certificates and on the root of that chain is the CA root certificate. When a device or browser sees this certificate, it compares its root certificate with pre-installed ones on the OS (Android, iOS, Windows, etc.). If the root certificate is listed in the pre-installed certificates list, then the OS ensures the user that the connection to the server is secure enough. These certificates are issued for a domain name and are not free of charge.

To enable encryption, after the mobile server has been installed:

  1. On a computer with a mobile server installed, right-click the Mobile Server Manager tray icon in the taskbar of the operating system and select Edit certificate.
  2. Select the Encrypt the connections for clients and services that retrieve data streams from the mobile server check box.
  3. To select a valid certificate, click . A Windows Security dialog box opens.
  4. Select the certificate that you want to apply.
  5. Click OK.

Edit certificate

If the certificate that you use for secure connection has expired, you can select another certificate that is installed on the computer on which the mobile server is running.

To change a certificate:

  1. On a computer with a mobile server installed, right-click the Mobile Server Manager tray icon in the taskbar of the operating system and select Edit certificate.
  2. To select a valid certificate, click . A Windows Security dialog box opens.
  3. Select the certificate that you want to apply.
  4. Click OK.

    5. A message informs you that the certificate has been installed and that the Mobile Server service has been restarted to apply the change.