Canon network camera VBM641VE User Manual
Have a look at the manual Canon network camera VBM641VE User Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 1335 Canon manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
Setting Page 4 121 Certificate creation, administrative sett ings and encrypted communication settings. Certificates Create an SSL/TLS certificate. [Create Self-Signed Certificate] Enter the following items and click [Exe c] to create a self-signed certificate. Follow the displayed message and reboot. The certif icate created will take effect after rebooting. Note Creating a certificate takes time, so it is recommended that you stop video transmission and upload processes. [Certificate Status] If no certificate is installed, [Not Installed] will appear. If a certificate is inst alled, the validity period for the certificate will appear. [Country (C)] Enter the ISO3166-1 alpha-2 country code. [ State/Province (ST)], [Locality (L)], [Organiz ation (O)], [Organizational Unit (OU)], [Common Name (CN)] Enter state/province name, locality, organization name, or ganizational unit and common name in alphanumeric characters (spaces or printable characters). Enter an FQDN format host name, etc. to set the common name (required). [Validity Period Start Date], [Validity Period End Date] Set the validity period of the certi ficate to be created (required when creating a self-sig ned certificate). Set HTTP Communication Encryption [Security] > [SSL/TLS] Important Use a self-signed certificate when complete security does not need to be ensured, such as through operation tests. For system operation, it is recommended that you acquire and install a certificate issued by a CA.
122 Certificate Management Manage the SSL/TLS certificate. [Generate Certificate Signing Request] Click [Exec] to create server private key and generate a certificate signing request. Once processed, the certificate signing re quest will appear in a separate window. Note Generating a certificate signing request takes time, so it is recommended that y ou stop video transmission and upload processes . [Display Certificate Signing Request] Click [Exec] to view the details of the certificate signing request. [Install Server Certificate] Perform this operation to in stall a server certificate. Specify the certificate file to be installed using [Browse] and click [Exec]. The certificate installed will take effect after rebooting. [Install Intermediate Certificate] Perform this operation to inst all an intermediate certificate. Specify the certificate file to be inst alled using [Browse] and click [Exec]. The certificate installed will take effect after rebooting. Note To install an intermediate certificate and a primary intermediate certificate, use a text editor or similar software to place them in the same file and install them as an intermediate certificate. [Delete Server Certificate] Click [Exec] to delete the server certificate. However, if SSL communications are enab led, the certificate cannot be deleted. Set [SSL Communications] to [Disable] before deleting a certificate. The deletion will take effect after rebooting. [Delete Intermediate Certificate] Click [Exec] to delete the intermediate certificate along with the primary certificate. However, if SSL communications are enab led, the certificate cannot be deleted. Set [SSL Communications] to [Disable] before deleting a certificate. The deletion will take effect after rebooting. [Display Server Certificate Details] Click [Exec] to view the details of the certificate. [Display Self CA Certificate] Used for the purpose of testing SSL communications, but otherwise not normally used. [Backup] Click [Exec] to perform a backup of th e certificates and private key. This can only be performed via SSL communications.
Setting Page 4 123 [Restore] Installs the certificates and private key from backup. Click [Browse] to specify the backup file, then click [Exec]. This can only be performed via SSL communications. The restored certificate will take effect after rebooting. Encrypted Communications Set encrypted communications. [SSL Communications] Select this to enable or disable SSL communications. The setting will take effect after rebooting. However, if no certificate is installe d, SSL communications cannot be used. Note It may take a few minutes to generate an SSL key. If SSL communications are used, video transmission performance drops. Depending on the type of the certificate being installed on the camera, a dialog box may appear indicating that the web browse r has accepted the certificate and a connection can be made. If the dialog box does not appear, register the CA certificate in the web browser.
124 Settings for 802.1X authentication and authentication status display, and for certificate administration. 802.1X Authentication Display the 802.1X authentication enable/disable control and status. [802.1X Authentication] Select this to enable or disable 802.1X authentication. [Authentication Status] Display the status of 802.1X aut hentication. There are three types of status: [Authenticated], [Unauthenticated], and [Stop]. Authentication Method Set the authentication method us ed for 802.1X authentication. [Authentication Method] Select the authentication method used for 802.1X authentication. [User Name] Enter the user name used for authentication. [Password] Enter the required pass word for authentication. This is displayed only when [Authentication Method ] is set to [EAP-MD5], [EAP-TTLS], or [EAP-PEAP]. Certificate Information This is displayed only when [Authentication Method] is set to [EAP-TLS], [EAP-TTLS], or [EAP-PEAP]. [CA Certificate Status] If no CA certificate is installed, [Not Installed] is displayed. If a CA certificate is installed, the validity period of the certificate is displayed. [Client Certificate Status] If no client certificate is installed, [Not Installed] is displayed. If a client certificate is installed, the validity period of the certificate is displayed. This is displayed only when [Authent ication Method] is set to [EAP-TLS]. Network Port Authentication Settings [Security] > [802.1X]
Setting Page 4 125 [Client Private Key Status] If no client private key is installed, [Not Installed] is disp layed. If a client private key is installed, [Installed] is displayed. This is displayed only when [Authent ication Method] is set to [EAP-TLS]. Certificate Management This is displayed only when [Authentication Method] is set to [EAP-TLS], [EAP-TTLS], or [EAP-PEAP]. [Install CA Certificate] Installs a CA certificate. Specify the certificate file to be inst alled using [Browse] and click [Exec]. [Install Client Certificate] Installs a client certificate. Specify the certificate file to be inst alled using [Browse] and click [Exec]. This is displayed only when [Authent ication Method] is set to [EAP-TLS]. [Install Client Private Key] Installs a client private key. Specify the private key file to be installed using [Browse] and click [Exec]. This is displayed only when [Authent ication Method] is set to [EAP-TLS]. [Client Private Key Password] Enter the password for the client private key. Required when a password has been configured for the private key. This is displayed only when [Authent ication Method] is set to [EAP-TLS]. [Delete Certificate] Deletes all installed CA certificates, clie nt certificates, and client private keys. Only “CA Certificate” is displayed when [Authentication Method] is set to [EAP-TTLS] or [EAP-PEAP], but any installed client certificates and c lient private keys are also deleted. Important If any CA certificates, client certificates , and client private keys already exist when installing certificates, they are discarded and new versions are installed. An error occurs if the format of the certificate or private key to be installed is incorrect. Client certificates and client private keys are checked as a pair when instal ling, and an error occurs if they do not match. The certificate and private key used for 802.1X authentication must be installed as separate items, irrespective of the installation status of certificates for SSL/TLS.
126 Settings for using IPsec. Note If IPsec is used, video transmission performance drops. IPsec [IPsec] Select key settings for using IPsec. Auto Key Exchange Settings [IPsec SA Encryption Algorithm] Select the IPsec SA encryption algorithm. The specified algorithm will be checked for an app licable encryption algorithm starting from the left. [IPsec SA Authentication Algorithm] Select the IPsec SA authentication algorithm. The specified algorithm will be checked for an applicab le authentication algorithm starting from the left. [IPsec SA Validity Period (min)] Enter the duration of validity for IPsec SA. [I SAKMP SA Encryption Algorithm] Select the SA encryption algorithm fo r use with auto key exchange protocol IKE. Set IPsec [Security] > [IPsec] Important To run this camera with IPsec, the communicating devices and netwo rk must be set beforehand. Contact your system administrator for these settings. When connecting with IPsec, set the camera IP address manually. For IPv4 addresses, use addresses with [I Pv4 Address Setting Method] set to [Manual] in [Basic Settings] > [Network] > [IPv4]. For IPv6 addresses, use addresses set with [IPv6 Addr ess (Manual)] in [Basic Settings] > [Network] > [IPv6]. If the IPsec setting is changed and the camera may become ina ccessible from the active web browser, a confirmation dialog box will appear. Click [OK] to apply the new settings. If you reboot the camera and cannot connect to the camera from th e web browser, any available URI for connecting to the camera will be displayed in a message. If you cannot connect to the camera through the displayed URI, contact your system administrator.
Setting Page 4 127 [ISAKMP SA Authentication Algorithm] Select the SA authentication algorithm for use with auto key exchange protocol IKE. [DH Group] Select the key generation information that w ill be used in the DH algorithm for key exchange via auto key exchange protocol IKE. [I SAKMP SA Validity Period (min)] Enter the duration of validity for ISAKMP SA. IPsec Set 1 to 5 IP security can be specified through auto key exchange or manual setting with up to five communicating devices. Auto Key Exchange Note If auto key exchange is used, it will take approximately 5 to 10 seconds before communication with the camera starts. [IPsec Set] Set whether IPv4 or IPv6 will use or will not use IPsec sets. [IPsec Mode] Select the IPsec mode. [Destination IPv4 Address], [Destination IPv6 Address] Enter the IP address of the connection destination. [ Source IPv4 Address], [ Source IPv6 Address] Enter the IP address of the source. [ Security Protocol] Select the IPsec protocol. If [ESP] is selected, enter only t he setting items relating to ESP. If [AH] is selected, enter only th e setting items relating to AH. If [ESP and AH] is selected , enter all setting items. [ Security Gateway IPv4 Address], [ Security Gateway IPv6 Address] Enter the IP address of the security gateway if [IPsec Mode] is set to [Tunnel Mode]. [Destination Subnet Mask Length] (IPv4), [Des tination Prefix Length] (IPv6) Enter the subnet mask (IPv4) or prefix length (I Pv6) when [IPsec Mode] is set to [Tunnel Mode]. [IKE Pre- Shared Key] Enter the pre-shared key for IKE (auto key exchange). Important If the camera is rebooted during auto key exchange communication, a connection error may result after rebooting. If this occurs , connect again.
128 Manual [IPsec Set] Set whether IPv4 or IPv6 will use or will not use IPsec sets. [IPsec Mode] Select the IPsec mode. [Destination IPv4 Address], [Destination IPv6 Address] Enter the IP address of the connection destination. [ Source IPv4 Address], [ Source IPv6 Address] Enter the IP address of the source. [ Security Protocol] Select the IPsec protocol. If [ESP] is selected, enter only t he setting items relating to ESP. If [AH] is selected, enter only th e setting items relating to AH. If [ESP and AH] is selected , enter all setting items. [ Security Gateway IPv4 Address], [ Security Gateway IPv6 Address] Enter the IP address of the security gateway if [IPsec Mode] is set to [Tunnel Mode]. [Destination Subnet Mask Length] (IPv4), [Des tination Prefix Length] (IPv6) Enter the subnet mask (IPv4) or prefix length (I Pv6) when [IPsec Mode] is set to [Tunnel Mode]. When [Security Protocol] Is Set to [ESP] or [E SP and AH] [SA ESP Encryption Algorithm] to [SA ESP SPI (inbound)] must be set. [SA E SP Encryption Algorithm] Set the ESP encryption algorithm to suit the encryption algorithm supported by the device to connect to. Normally [AES] or [3DES] is recommended. [ SA E SP Authentication Algorithm] Set the ESP authentication algorithm to suit the authentic ation algorithm supported by the device to connect to.
Setting Page 4 129 If [ESP] is used alone, [No Authentication] cannot be selected. [SA E SP Encryption Key (outbound)] Enter the SA encryption key for outbound. If [AES], [3DES] or [DES] was selected in [SA ESP Encryption Algorithm], set a 128-bit, 192-bit or 64-bit hexadecimal number, respectively. This item need not be set if [NULL] was selected. [ SA E SP Authentication Key (outbound)] Enter the SA authentication key for outbound. If [HMAC_SHA1_96] or [HMAC_MD5_96] was selected in [SA ESP Authentication Algorithm], set a 160-bit or 128-bit hexadecimal number, respectively. This item need not be set if [No Authentication] was selected. [ SA E SP SPI (outbound)] Enter the SA SPI value for outbound. Set a desired value in the range of 256 to 4294967295. [ SA E SP Encryption Key (inbound)] Enter the SA encryption key for inbound. If [AES], [3DES] or [DES] was selected in [SA ESP Encryption Algorithm], set a 128-bit, 192-bit or 64-bit hexadecimal number, respectively. This item need not be set if [NULL] was selected. [ SA E SP Authentication Key (inbound)] Enter the SA authentication key for inbound. If [HMAC_SHA1_96] or [HMAC_MD5_96] was selected in [SA ESP Authentication Algorithm], set a 160-bit or 128-bit hexadecimal number, respectively. This item need not be set if [No Authentication] was selected. [ SA E SP SPI (inbound)] Enter the SA SPI value for inbound. Set a desired value in the range of 256 to 4294967295. Since this setting is used as an ID for identifying the SA , be careful not to specify an inbound SPI whose value is already used in the SPI for other ESP. When [ Security Protocol] Is Set to [AH] or [ESP and AH] [SA AH Authenticatio n Algorithm] to [SA AH SPI (inbound)] must be set. [ SA AH Authentication Algorithm] Set the AH authentication algorithm to suit the authenti cation algorithm supported by the device to connect to. [ SA AH Authentication Key (outbound)] Enter the SA authentication key for outbound. If [HMAC_SHA1_96] or [HMAC_MD5_96] was selected in [SA AH Authentication Algorithm], set a 160-bit or 128-bit hexadecimal number, respectively. [ SA AH SPI (outbound)] Enter the SA SPI value for outbound. Set a desired value in the range of 256 to 4294967295. [ SA AH Authentication Key (inbound)] Enter the SA authentication key for inbound. If [HMAC_SHA1_96] or [HMAC_MD5_96] was selected in [SA AH Authentication Algorithm], set a 160-bit or 128-bit hexadecimal number, respectively. [ SA AH SPI (outbound)] Enter the SA SPI value for inbound. Set a desired value in the range of 256 to 4294967295. Since this setting is used as an ID for identifying the SA , be careful not to specify an inbound SPI whose value is already used in the SPI for another AH.
130 Settings for recording video to a memory card inserted in the camera. You can also see the status of the memory card. The content on this page is common with [Video Record] > [Memo ry Card] (P. 101). Settings configured in any page will be reflected in the other pages. Note The following memory cards can be used. – SD memory card, SDHC memory card, SDXC memory card – microSD memory card, microSDHC memory card, microSDXC memory card For inserting and removing the memory card, please refer to “Installation Guide” > “Using a Memory Card”. Only H.264(1) video can be recorded to a memory card. [H.264(2)] cannot be recorded. Video Record Setting Sets whether to record video from the camera to a memory card or upload it with HTTP or FTP. These can also be set with [Video Record] > [Upload] (P. 96) and will be reflected in [Video Record Setting] here. [Video Record Action] Select [Record to Memory Card] to record to a memory card. Memory Card Operations The setting items will change de pending on the memory card status (unmounted/mounted). Memory Card Operations and Information Display [Memory Card] Important Information recorded to the memory card may be regarded as “personal information”. Take sufficient precautions for handling this information when releasing to third part ies for disposal, transfer or repair. Important Be sure to perform the unmount process when turning off the powe r to the camera or removing the memory card. Failing to unmount first may result in management file problems or the memory card becoming inaccessible. You can use the Camera Management Tool (P. 36) to bat ch mount/unmount memory cards from multiple cameras. R11R10M741M740 M641M 640