Enable server encryption for recording servers or remote servers

You can encrypt the two-way connection between the management server and the recording server or other remote servers that use the Data Collector.

If your system contains multiple recording servers or remote servers, you must enable encryption on all of them.

For more information, see the certificates guide about how to secure your XProtect VMS installations.

When you configure encryption for a server group, it must either be enabled with a certificate belonging to the same CA certificate or, if the encryption is disabled, then it must be disabled on all computers in the server group.

  1. On a computer with a Management Server or Recording Server installed, open the Server Configurator from:

    • The Windows Start menu

    or

    • The server manager, by right-clicking the server manager icon on the computer task bar

  2. In the Server Configurator, under Server certificate, turn on Еncryption.

  3. Click Select certificate to open a list with unique subject names of certificates that have a private key and that are installed on the local computer in the Windows Certificate Store.

  4. Select a certificate to encrypt communication between the recording server, management server, failover server, and data collector server.

    5. Select Details to view Windows Certificate Store information about the selected certificate.

    The Recording Server service user has been given access to the private key. It is required that this certificate is trusted on all clients.

    The encryption tab in the Server Configurator with enabled encyption and installed certificates.

  5. Click Apply.

When you apply certificates, the recording server will be stopped and restarted. Stopping the Recording Server service means that you cannot record and view live video while you are verifying or changing the recording server's basic configuration.