About this guide
This guide gives you an introduction to encryption and certificates, together with step-by-step procedures on how to install certificates in a Windows Workgroup environment.
Milestone recommends that you establish a Public Key Infrastructure (PKI) for creating and distributing certificates. In a Windows domain, it is recommended to establish a PKI using the Active Directory Certificate Services (AD CS).
If you are unable to build such a PKI, either because you have different domains without trust between them or because you do not use domains at all, it is possible to manually create and distribute certificates.
WARNING: Creating and distributing certificates manually is NOT recommended as a secure way of distributing certificates. If you choose manual distribution, you are responsible for keeping the private certificates secure at all times. When you keep the private certificates secure, the client computers that trust the certificates are less vulnerable to attacks.
XProtect systems support secure communication:
From | To | For more information |
---|---|---|
Recording server | Management server | |
Management server | Recording server | Encryption from the management server to the recording server (explained) |
Management server | Remote servers via Data Collector: | Encryption between the management server and the Data Collector Server (explained) |
Clients, servers, and integrations that retrieve data streams from the recording server | Recording server | Encryption to clients and servers that retrieve data from the recording server (explained) |
Mobile devices | Mobile server | |
When do I need to install certificates?
- If your XProtect VMS system is set up in a Windows Workgroup environment
- Before you install or upgrade to XProtect VMS 2019 R1 or newer, if you want to enable encryption during the installation
- Before you enable encryption, if you installed XProtect VMS 2019 R1 or newer without encryption
- When you renew or replace certificates due to expiry
In the following sections, read about: