If you are looking to add a surge protector between an analog PTZ camera and your ExacqVision server, some options that provide both BNC video connections as well as RS-485 terminals such as the following:
Month: December 2009
Version 8.4 and Higher
Follow the instructions in Article 1002 to configure HTTPS support in the Web Service.
<br>
Version 8.2 and Lower
SSL, a security system combining authentication and encryption, is used to protect communication between a web server and client. Enabling SSL on a web server allow all clients connecting to that server two key protections:
- The client is able to identify the server. There is no way for a fake server to misrepresent itself to a client.
- The communication between the client and server is encrypted, preventing a third-party from seeing what data is sent. This ensures the safety of private communication such as usernames and passwords, video data, and more.
NOTE: A self-signed certificate allows you to use a web browser, but it does not work with mobile devices. Only trusted third-party certificates work with mobile devices.
To use SSL in Windows with exacqVision Web Service, complete the following steps:
- Either create a self-signed certificate, or purchase a certificate from a trusted third party. (Creating a Self-Signed SSL Certificate) COMMON NAME should be the IP address or FQDN that you use to access your exacqVision Web Service. If acquiring a third-party cert, you might need to provide them with a Certificate Signing Request (CSR) file as follows:
a. Navigate to https://exacq.com/support/gencsr.php.
b. Enter all fields to output a .csr file and RSA key file to a zip file. Submit this data to the CA from which you are purchasing the certificate.
c. If you have purchased a chained certificate, be sure to download the appropriate intermediate bundle.
d. Place the .crt file and the intermediate bundle file (also a .crt file) from your CA into the Apache\conf directory. - Rename the .crt file to server.crt and the .key file to server.key. Save the .crt and .key files to C:\Program Files (x86)\exacqVision\WebService\Apache\conf\.
- Stop exacqVision Web Server using the link on the Start menu.
- Open the Web Server Configuration file with Notepad as an administrator from C:\Program Files (x86)\exacqVision\WebService\Apache\conf\httpd.conf.
Find the following line:
LoadModule ssl_module modules/mod_ssl.so
Delete any preceding pound sign (#) characters.
Find the following line:
Include conf/extra/httpd-ssl.conf
Delete any preceding pound sign (#) characters.
NOTE: Make sure your SSL Certificate File and SSL Certificate Key File are in the Apache\conf directory. - Open the Apache SSL Configuration file in Notepad as an administrator. The file is located at C:\Program Files (x86)\exacqVision\WebService\Apache\conf\extra\httpd-ssl.conf.
Find the line that begins with:
FilesMatch “…
Change it to:
FilesMatch “\.(cgi|shtml|phtml|php|html)$”
NOTE: Those lines will also include angle brackets. Do not remove the brackets.
When finished, save and close the file. - It is recommended, but not required, that you disable the access log for SSL, as this file can grow very large. To do this, open the Apache SSL Configuration file in Notepad as an administrator. The file is located at C:\Program Files (x86)\exacqVision\WebService\Apache\conf\extra\httpd-ssl.conf. Find the line with the following text:
TransferLog “${SRVROOT}/logs/access.log”
Change it to:#TransferLog “${SRVROOT}/logs/access.log”When finished, save and close the file. - Open the Web Service Configuration file in Notepad as an administrator. The file is located at C:\Program Files (x86)\exacqVision\WebService\WebService.ini.
Add the following lines to the end of the document:
[Broker]
ssl_private_key = C:\Program Files (x86)\exacqVision\WebService\Apache\conf\server.key
ssl_certificate = C:\Program Files (x86)\exacqVision\WebService\Apache\conf\server.crt
When finished, save and close the file. - Open an exception for TCP port 443 in your firewall.
- Start exacqVision Web Server using the link under the Start button.
<br>
Tips
- When purchasing an SSL certificate, many providers offer an Intermediate Bundle, or additional certificates that need to be present that will link your certificate through the chain to a root certification authority. Usually the provider will also provide documentation that describes how to accomplish this with Apache, but is a good idea to ask them before or during the purchase process. Exacq is not responsible for making your certs capable of working with Apache.
- The httpd-ssl.conf file contains sections for Server Certificate, Server Private Key, Server Certificate Chain, and Certificate Authority. You must modify these sections with the appropriate paths to your specific files.
- It is possible to combine all the intermediate certificates that the provider might give you into one file and use that in the Server Certificate Chain section. Again, consult the provider for more information.
- You should also find and modify the following line to include the name for which your certificate was issued (your server’s name) instead of:
ServerName www.example.com:443
<br>
Troubleshooting
If exacqVision Web Service does not start after configuring it for SSL, complete the following steps:
- Open the Apache error logs, found by default at C:\Program Files\exacqVision\WebService\Apache\logs\error.log.
- Look for an entry similar to the following:
[Wed Mar 04 09:08:54.512004 2015] [ssl:emerg] [pid 19116] AH02565: Certificate and private key www.example.com:443:0 from CERTIFCATE_FILE_NAME.crt and KEYFILE_NAME.key do not match AH00016: Configuration Failed - If you see this entry, complete the following steps:
a.) Run the openssl utility (found by default at C:\Program Files\exacqVision\WebService\Apache\bin\openssl.exe).
b.) Run the following commands, replacing the values in all caps with your values:
openssl.exe x509 -noout -modulus -in PATH_TO_CRT | openssl md5
openssl.exe rsa -noout -modulus -in PATH_TO_KEY | openssl md5
openssl.exe req -noout -modulus -in PATH_TO_CSR | openssl md5
For example:
openssl.exe x509 -noout -modulus -in ..\conf\certificate.crt | openssl md5
openssl.exe rsa -noout -modulus -in ..\conf\privateKey.key | openssl md5
openssl.exe req -noout -modulus -in ..\conf\csr.csr | openssl md5
c.) Compare the result values from all of the calls. Each resulting string should be identical. If the values do not match, confer with the certificate authority that issued the certificate.
NOTE: Web Sockets communication will not work using SSL encryption for Web Service versions 7.2.0 – 7.2.6.
<br>
Workaround
Disable Web Sockets in the client configuration page of the browser Client.
<br>
Resolution
Update to exacqVision Web Service version 8.4 or later.
<br>
If you are using exacqVision Client 9.2 or earlier and want to create a shortcut that allows your users to open the client to a predesignated camera view, event monitoring profile, or to specific monitors on a multi-monitor viewing station, you will need to create an XML file based on the client CLI documentation:
If you are using client version 9.4 or later, please refer to KB:53190
<br>
Windows 7, 8.x, 10
1. Open the Windows Start menu and show All Programs. Find exacqVision Client.
2. Right-click on the client icon, expand ‘Send to’ and select ‘Desktop (create shortcut)’.
3. On the Desktop, find the new shortcut. Right-click it and select ‘Properties’.
4. Edit the ‘Target’ field to add an ‘-F’ option pointing to the XML file:
“C:\Program Files\exacqVision\Client\edvrclient.exe” -F˂FilePath˃\˂FileName˃
If you placed the XML file in a user’s directory that might look like:
“C:\Program Files\exacqVision\Client\edvrclient.exe” -FC:\Users\admin\Monitor2.xml
5. Click ‘OK’ then double-click the shortcut to test it.
6. You may rename the shortcut to identify a specific monitor or camera view.
7. If you are configuring shortcuts to open multiple clients on multiple monitors, repeat the steps above.
<br>
Ubuntu/Linux
1. Open a Terminal.
2. Type cd /home/admin/Desktop Press Enter.
3. Type sudo touch Monitor1.desktop Press Enter.
4. Type sudo gedit Monitor1.desktop Press Enter.
5. Use the text editor to fill out the contents to resemble the example below:
In the example above, replace the file path after ‘-F’ with the absolute file path to your own XML file.
6. When you have completed the file, save it and close the window to return to the Terminal prompt.
7. Type: sudo chmod +x Monitor1.desktop Press Enter.
8. Repeat these steps for each of your XML fles.
<br>
Opening-exacqVision-Client-on-Separate-Monitors-Using-Short-Cuts-with-Client-9.2-and-Earlier-1.pdfWhen setting up a new Exacq system, the out-of-box experience will prompt you to create a default operating system account. This account will be given administrative privileges.
Additional user accounts may be created using the Kiosk scripts available on the Desktop. Kiosk user accounts have restricted privileges. The Kiosk account is blocked from all operating system functions and the user can only close the exacqVision Client and log out of the operating system account. This prevents the Kiosk user from shutting down the system, opening web browsers, or from starting and installing other applications while logged in as the Kiosk user. You are given the option to automatically log into the system with the Kiosk user account during creation of the account.
If you license exacqVision software and install it on your own computer, this script is not available, and you are responsible for configuring all operating system accounts and privileges.
<br>