Subscriber Discussion

Digital Certificates On CCTV Installs?

Mark Jones
Apr 21, 2017

Has anyone here been asked to provide or dealt with digital certificates on their CCTV installs yet?

Thanks in advance,

Undisclosed Integrator #1
Apr 21, 2017

Yes. What are you trying to accomplish? My customers do not expose their servers outside their LAN, per best practice, so why pay for a cert? Click through the browser warnings.

Mark Jones
Apr 21, 2017

I am only trying to get up to speed on where and when to get them, cost, etc.

Most of my corporate clients don't expose their NVRs outside the network either, but I have some that do.

I am unfamiliar with them. I will read more over the weekend. But I had a manufacturer this morning tell me that it ensures that cameras can't be hacked from outside the network. That sounded like sales BS to me, but hey, what do I know?

Undisclosed Integrator #1
Apr 21, 2017

Certs need to be renewed, so it's not a one and done. GoDaddy wants $56 for a one-year SSL cert. There are many providers, so Google them and price shop. If the servers are exposed, I would highly recommend an SSL cert. Without one your data is not encrypted and yes, it is easier to hack those servers.

One note: even when not exposed to the outside, a cert may be a good idea on large campuses, especially where many users have access to the LAN. With considerable effort, an individual with access to the LAN could intercept the unencrypted traffic.

In the end it's a relatively low cost insurance policy.

Mark Jones
Apr 21, 2017

Thanks,

I have some serious reading to do.

Mark Jones
Apr 21, 2017

Actually it sounds like a pretty good revenue stream.

Ethan Ace
Apr 21, 2017

Certificates are a giant pain to deal with on IP cameras. We've been talking to some manufacturers about this this week and last.

I'm not aware of anyone that allows bulk certificate creation or application. So you have to go to the web interface of each device and create a self-signed certificate (or install 3rd party, but I'll get to that in a minute). This means a few minutes on each camera.

Then, if you want to get a third party certificate for each device, you have to create a request, send it off to a certifying authority, then install the certificate they send you. Again, on each device.

And like was mentioned above, there's a cost to these. GoDaddy's $56/year sounds really expensive to me, and is probably for a web server/transaction certificate. You should be able to use a basic certificate, which I've seen prices of $5-10 for. 

All in all it's a pain. Whoever figures out how to streamline this is going to make a lot of people happy.

Undisclosed Integrator #2
Apr 21, 2017

You could always use a wildcard certificate to cover multiple devices (they just need to all have the same domain in their hostname); however, I can't think of any solid reason to put public certificates on cameras given that you'd be accessing them only for config reasons (unless you just really hate browser warnings).

More commonly, where they're used is for people exposing either web clients or mobile servers on the NVR to the internet (only exposing the ports related to those services, not the entire NVR). The biggest one that comes to mind is Milestone, as they require public certs for the mobile portion (unless they fixed it, but when they first released 2016 they wouldn't allow Enterprise CA signed certs or self-signed certs).

Andrew Tierney
Apr 21, 2017

You don't need to go to an external certificate authority for devices that only your staff will connect to.

Create your own CA, sign the certs, and install the CA into the systems that need to access the devices.
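
The private-CA workflow described in the post above, sketched with the OpenSSL command line as an added example (it is not part of the thread or any poster's own commands). The hostname `cam-lobby.cctv.example`, the address `192.0.2.10`, the CA name and the function names are constructed placeholders, and the CSR is generated locally as a stand-in for the request a camera's web interface would produce.

```sh
#!/bin/sh
# Added example: private CA for cameras/NVRs that only staff connect to.
# Hostname, IP address, CA name and file names are constructed placeholders.
set -eu

make_ca() {        # $1 = directory, $2 = CA common name
    cat > "$1/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = $2
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
    # ca.key signs every device cert: keep it off the camera network.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -config "$1/ca.cnf" -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

device_csr() {     # $1 = directory (after make_ca), $2 = hostname
    # Stand-in for the CSR a device generates; reuses ca.cnf only for its [req] section.
    openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" -subj "/CN=$2" \
        -keyout "$1/device.key" -out "$1/device.csr" 2>/dev/null
}

sign_device() {    # $1 = directory, $2 = hostname, $3 = IP address
    printf '%s\n' "basicConstraints = CA:FALSE" \
        "keyUsage = critical,digitalSignature,keyEncipherment" \
        "extendedKeyUsage = serverAuth" \
        "subjectAltName = DNS:$2,IP:$3" > "$1/device.ext"
    openssl x509 -req -in "$1/device.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 365 -sha256 -extfile "$1/device.ext" \
        -out "$1/device.crt" 2>/dev/null
}

trusted_by() {     # $1 = CA file the client trusts, $2 = device cert, $3 = hostname
    openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
}

work=$(mktemp -d)
make_ca "$work" "Example CCTV Private CA"
device_csr "$work" cam-lobby.cctv.example
sign_device "$work" cam-lobby.cctv.example 192.0.2.10
trusted_by "$work/ca.crt" "$work/device.crt" cam-lobby.cctv.example \
    && echo "client with ca.crt installed: device certificate accepted"
```

Only `ca.crt` is distributed to the workstations and servers that connect to the devices; a client that has not installed it, or that connects under a name not listed in the certificate, still fails verification.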
