AXIS C3003-E Network Speaker
System Options
In Axis implementation, the Axis product and the authentication server identify themselves with digital certicates using EAP-TLS
(Extensible Authentication Protocol - Transport Layer Security). The certicates are provided by a Certication Authority (CA).
You need:
• a CA certicate to authenticate the authentication server.
• a CA-signed client certicate to authenticate the Axis product.
To create and install certicates, go to System Options > Security > Certicates. See Certicates on page 23. Many CA certicates
are preinstalled.
To allow the product to access a network protected by IEEE 802.1X:
1. Go to System Options > Security > IEEE 802.1X.
2. Select a CA Certicate and a Client Certicate from the lists of installed certicates.
3. Under Settings, select the EAPOL version and provide the EAP identity associated with the client certicate.
4. Check the box to enable IEEE 802.1X and click Save.
Note
For authentication to work properly, the date and time settings in the Axis product should be synchronized with an NTP
server. See Date & Time on page 24.
Certicates
Note
Installed certicates, except preinstalled CA certicates, will be deleted if the product is reset to factory default. Preinstalled
CA certicates that have been deleted will be reinstalled.
A Server/Client certicate can be self-signed or issued by a Certicate Authority (CA). A self-signed certicate offers limited
protection and can be used before a CA-issued certicate has been obtained.
To install a self-signed certicate:
1. Go to Setup > System Options > Security > Certicates.
2. Click Create self-signed certicate and provide the requested information.
To create and install a CA-signed certicate:
1. Create a self-signed certicate as described above.
2. Go to Setup > System Options > Security > Certicates.
3. Click Create certicate signing request and provide the requested information.
4. Copy the PEM-formatted request and send to the CA of your choice.
5. When the signed certicate is returned, click Install certicate and upload the certicate.
Server/Client certicates can be installed as Certicate from signing request or as Certicate and private key. Select Certicate
and private key if the private key is to be upload as a separate le or if the certicate is in PKCS#12 format.
The Axis product is shipped with several preinstalled CA certicates. If required, additional CA certicates can be installed:
1. Go to Setup > System Options > Security > Certicates.
2. Click Install certicate and upload the certicate.
23