Enable encryption to clients and servers
You can encrypt connections from the recording server to clients and servers that stream data from the recording server.
When you configure encryption for a server group, it must either be enabled with a certificate belonging to the same CA certificate or, if the encryption is disabled, then it must be disabled on all computers in the server group.
Prerequisites:
- The server authentication certificate to be used is trusted on all computers running services that retrieve data streams from the recording server
- XProtect Smart Client and all services that retrieve data streams from the recording server must be version 2019 R1 or later
- Some third-party solutions created using MIP SDK versions earlier than 2019 R1 may need to be updated
Steps:
-
On a computer with a recording server installed, open the Server Configurator from:
- The Windows Start menu
or
- The Recording Server Manager by right-clicking the Recording Server Manager icon on the computer task bar
-
In the Server Configurator, under Streaming media certificate, turn on Еncryption.
-
Click Select certificate to open a list with unique subject names of certificates that have a private key and that are installed on the local computer in the Windows Certificate Store.
- Select a certificate to encrypt communication between the clients and servers that retrieve data streams from the recording server.
- Click Apply.
Select Details to view Windows Certificate Store information about the selected certificate.
The Recording Server service user has been given access to the private key. It is required that this certificate is trusted on all clients.
When you apply certificates, the recording server will be stopped and restarted. Stopping the Recording Server service means that you cannot record and view live video while you are verifying or changing the recording server's basic configuration.
To verify if the recording server uses encryption, see View encryption status to clients.