Professional Documents
Culture Documents
Manual
FC33 full HDIP
HTTPS communications
IM 85A7C04E-01
IM 85A7C04E-01
1st edition 2020/10/30.
TOC-1
CONTENTS
A Introduction............................................................................................................................................ i
1 Network settings................................................................................................................................... 1
2 HTTPS ................................................................................................................................................... 2
3 Self-signed Certificate .......................................................................................................................... 3
3.1 Generating Private key ........................................................................................................................ 3
3.2 Generating Self-signed certificate ........................................................................................................ 4
3.3 Downloading Root Certificate............................................................................................................... 6
3.4 Installing Root certificate ...................................................................................................................... 7
3.5 Activation of HTTPS ...........................................................................................................................10
3.6 Confirmation of HTTPS access ...........................................................................................................11
4 Certificate Signing Request (CSR)......................................................................................................12
4.1 Generating Private key .......................................................................................................................12
4.2 Requesting certificate signing to Certificate Authority ..........................................................................12
4.3 Initializing Server certificate ................................................................................................................14
4.4 Installing Root certificate .....................................................................................................................15
4.5 Activation of HTTPS ...........................................................................................................................15
4.6 Confirmation of HTTPS access ...........................................................................................................15
4.7 Re-create Server certificate ................................................................................................................15
5 Delete ...................................................................................................................................................15
6 Initializing Settings ..............................................................................................................................16
7 Restrictions .........................................................................................................................................16
NOTE .......................................................................................................................................................16
IM85A7C04E-01
Blank Page
IM85A7C04E-01
i
A Introduction
■IM 30B10A10-01J A 1st Edition : 2019.2.7- 00
Documentation Conventions
■ NOTE in the manual
NOTE
Draws attention to information essential for understanding the operation and features.
■Trademark
All other company, organization and trade names and logos mentioned in the product are registered
trademarks or trademarks of YOKOGAWA or of their respective companies or organizations.
IM85A7C04E-01
Blank Page
IM85A7C04E-01
1
1 Network settings
Select [Network] of the Admin Menu in the left column, next, select [Protocol] Tab, then screen
fig.1 shown below will display:
(1) HTTP S
Default settings: enable status and default TCP/IP port number value is 80.
In case of ONVIF access、enabling setting of http will be needed.
(2) HTTPS
(corresponding to this function. For details, please refer to 3.5 or 4.5 “Activation of HTTPS”)
Default settings: disable status and default port number value is 443.
Can only be available when install Server Certificate.
(3) RTSP
Default settings: enable status and default port number value is 554.
IM85A7C04E-01
2
2 HTTPS
Secure communications can be provided by HTTPS protocol(this function available after ENC
V3.00). To operate HTTPS communication, a server certificate issued by certificate authority
should be needed.
Selectable for Authority type a Self-signed certificate which this product itself becomes a
certificate, and a Public or a private Certificate as third party.
Start
Self-signed Certificate
CErtification
Type
CA Certificate
Signing Request
CA Certificate
Self-signed Certificate
Signing Request
CSR file
download ・Issue Server Certificate
・Install Server Certificate
Private
Certificate Authority
Certificate Authority
Type
Public
Certificate Get Root Certificate
Authority
Enable HTTPS
IM85A7C04E-01
3
NOTE
・Narrowing bitrate and video stream should be needed due to high load processing by HTTPS.
・Before settings HTTPS, time adjustment by NTP and so on should be needed.
3 Self-signed Certificate
This section describes certification step by Self-signed Authority. In case of using public or
private Certificate Authority, please refer to section 4 below
IM85A7C04E-01
4
Fill each specified content in the Certificate Fields in the “Self-signed certificate” pop up window.
Specified contents in the Certificate are shown in Table 2. After filling up all the Certificate Fields,
click “Submit” button.
IM85A7C04E-01
5
Completion of installing Self-signed Server certification brings message as shown Fig.6 below.
Click “Save” button in the Admin Menu field left side to saving settings
IM85A7C04E-01
6
Click “Download(Root CA CRT)” button, after confirmation of contents of Certificate. And downloading
CER file from FC 33 to the client laptop will be done.
IM85A7C04E-01
7
Select “Local Machine” radio button and click “Next” button in the “Welcome to the Certificate
Import Wizard” window. (If pop up window for confirmation of changing arose, response by a
button of “OK” or “Yes”.)
IM85A7C04E-01
8
Select a “Place all certificate in the following store” button and Click “Browse…” button.
Select “Trusted Root Certification Authorities” folder and Click “OK” button.
IM85A7C04E-01
9
Confirm a display that “Trusted Root Certification Authorities” at the frame of “certificate store:” in
window which was re-pop upped. And Click “Next” button.
IM85A7C04E-01
10
Fig 15 Protocols-tab
Select [System] in the Admin Menu list, select [Reboot]-tab and click “Submit” button to reboot.
Fig 16 Reboot
IM85A7C04E-01
11
If red address bar depicted in the browser, installing of the Certificate may be failed.
IM85A7C04E-01
12
Fill each specified content in the Certificate Fields in the “CA certificate signing request” pop
up window. Specified contents in the Certificate are shown in Table 2.
After fill up all the Certificate Fields, click “Download(CSR)” button .
IM85A7C04E-01
13
After complete downloading the CSR file, click “Save” button to save settings
Please ask for issuing the Server certificate to Certificate Agency by submitting that CSR file.
IM85A7C04E-01
14
The Server-certificate-file can be used X509 of PEM format only. If other type, conversion will be
needed.
[Server certificate installation] will be shown when radio button of [CA certificate signing
request] is selected in the [Certificate Generated] column.
In case of the Certificate Authority having Intermediate certificate, open the Server-certificate-file
by Text editor, and coding as shown below:
-----BEGIN CERTIFICATE-----
Contents of Server certificate
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Contents of Intermediate certificate
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Contents of Upper Intermediate certificate
-----END CERTIFICATE-----
IM85A7C04E-01
15
4.5Activation of HTTPS
Please refer to section 3.5 above.
5 Delete
〔Private key〕 and 〔Server Certificate〕 can be deleted by clicking submit button.
Fig.22 Delete
NOTE
・Unable to delete when HTTPS protocol available setting.
・Unable to delete [Private key] only , when [Server Certificate] is existing.
・Re-create Server Certificate should be needed also, when delete and re-create [Private key].
IM85A7C04E-01
16
6 Initializing Settings
Clicking execute button can make the initializing Settings. Whole initializing and partial
initializing excepting IPv4 setting can be selectable. Ii case of whole initializing, it will delete
[Private key] and [Server Certificate].
7 Restrictions
➢ Updating ENC firmware from V2 to V3 is available, but not vice versa as downgrade version.
➢ If server certificate was expired, address bar of IE11 browser tarn to red with no SSL
connection.
➢ Video stream (RTSP) as SSL (over HTTPS) communication is unsupported.
➢ When ONVIF communication, enabling http will be needed.
・The contents of this manual are subject to change without notice in future due to
improvements in performance and functions.
NOTE
For details, or If you have any questions, please contact to us.
IM85A7C04E-01
Yokogawa Electric Corporation
Headquarters
9-32 Nakacho, 2-chome, Musashino-shi Tokyo, 180-8750 JAPAN
Phone: +81-422-52-5555
Printed in Japan