Enterprise Manager (EM), formerly known as Enterprise System Manager (ESM), uses Apache to provide the underlying web server.
During initial install a graphical dialogue will allow you to change your port numbers.
If you’ve already installed the application you may wish to perform this change manually.
The first step to manual editing is to find the location of the config file where the port numbers are held. This depends on both the platform (operating system) and version of the Web Service you have installed. The default installation location for the configuration file httpd.conf is as follows:
<br><br> Determine where this file is for your install before continuing.
Once you have found the file, open it using your editor of choice (be sure to do so with administrative privileges) and perform either of the following depending on its name:
For httpd.conf (HTTP port) and httpd-ssl.conf (HTTPS port):
Find the Listen directive in the file
For example, if the current port is 80, the line should read Listen 80
This diagram illustrates how the various Exacq applications work together and the ports used to communicate.
Internal (LAN)
Remote (WAN)
In cases where external users plan to connect for remote monitoring, you will may need to configure port forwarding on your router to allow traffic on those ports to pass through. exacqVision provides several ways to connect to your system from outside of your site’s LAN.
The Desktop Client software requires port forwarding.
Users of the exacqVision Mobile app may configure port forwarding or use the Remote Connectivity feature, configured within the Desktop Client.
Users connecting with the Web Browser Client or the Exacq Mobile 3 app may configure port forwarding, or use the Relay Service, configured within the exacqVision Web Service.
Remote Management
In the case of the Integrator Service Portal (ISP), this may connect to the server using an inbound connection to port 22609, or the server may be configured for an outbound connection to reach out to the ISP.
When exporting video, from time to time you may notice that the length of the exported AVI or MOV file is slightly shorter than the video you marked in the client to be exported.
<br>
This occurs because when the video from the client is transcoded to a different format the length is determined by (frame rate * number of frames). The software must estimate the frame rate in order to account for things such as motion recording or time lapse where there are gaps. The longer your exported file is the more you may notice this, but the total export will still contain all the frames recorded during that time.
<br>
If this is a serious concern, we recommend exporting to our proprietary PS file format or the EXE file format which does not transcode the video. In addition, EXE files provide the benefit of a watermark to authenticate that the video has not been tampered with.
Microphone support, for sending audio from your device to an exacqVision Server, was added in Exacq Mobile 3, version 8.4.
All installations of Exacq Mobile 3 acquired from Google Play and the Apple App Store support sending audio to an exacqVision Server.
<br>
Important Note
To send audio to an exacqVision Server using the mobile site, accessed via a web browser, the device or computer that is being used must have a microphone connected, the service must be hosted using HTTPS, and the site must be accessed via HTTPS. If you are accessing the mobile site over HTTP the option to send audio is not available due to browser security constraints.
The following settings are recommended for ensuring the best performance of the web service on the M-Series:
Start License: Change the recording format of each camera to “JPEG”.
Pro License: Add a secondary stream for each camera, setting the recording format of the secondary stream to “JPEG”. Note: It may be necessary to create a view containing these secondary streams to access them via the web service.
exacqVision supports connecting to many cameras using HTTPS. Depending on the camera firmware capabilities and the device type plugin used in exacqVision the level of encryption provided may vary.
Using the IP Camera Integration Database, you may choose to filter the displayed results by devices which support SSL (HTTPS).
<br>
Connecting with HTTPS
When adding a new camera to an exacqVision Server or editing an existing camera connection, the IP Camera Information section on the Add IP Cameras page provides a Protocol drop-down menu. The following options are available:
HTTP
HTTPS If Available
HTTPS Required
Selecting ‘HTTPS If Available‘ does not permit customizing the Port number field. This option will attempt to connect to the camera using HTTPS on port 443. If this attempt fails it will fall back to attempt connection with HTTP on port 80. This may add a small delay to the initial connection as it tests HTTPS first.
Selecting ‘HTTPS Required‘ will only permit connection to the device using HTTPS. If the device cannot accept such a connection the device will fail to connect. You are permitted to change the Port number field should your camera be configured to provide HTTPS over a custom port number.
<br>
HTTPS Connection Symbols
The IP Camera List on the Add IP Cameras page as well as the Camera Recording page provide symbols in the Protocol column allowing you to quickly view which devices are connected with HTTPS and to what level.
An empty field in the Protocol column indicates an HTTP connection.
The gear icon denotes that the connection is made to the device with HTTPS, which encrypts the login credentials to the device, the camera web interface in the Client’s web panels, and CGI commands made to the camera.
A padlock icon in the Protocol column indicates that the HTTPS connection encrypts the credentials, web page, and CGI commands, but also includes encryption of the video stream.
NOTE: HTTPS between the exacqVision software and camera encrypts only the communications between those two devices.
<br>
Enabling HTTPS on Your Camera
Cameras will vary from manufacturer to manufacturer as well as between versions of firmware. Legacy firmware on some devices may require you to apply your own certificate. Many IP cameras today provide HTTPS support out-of-box using self-signed certificates. Below, we examine the settings on an Illustra IQ camera. For other devices, please refer to your device’s documentation.
NOTE: When accessing a camera through the web browser interface using HTTPS, your browser may warn you or prompt you for permission to continue due to having a self-signed certificate. A self-signed certificate can be used to encrypt communication but cannot provide certificate validation. Certificate validation requires the certificate be issued by a Certificate Authority (CA).
Some devices may require you to generate a new self-signed certificate if you have changed the IP address since the last certificate was created.
<br>
Illustra IQ Cameras
Illustra IQ devices provide self-signed certificates out-of-box. When entering the Setup mode of an Illustra IQ camera expand the Security menu, then navigate to the HTTP/HTTPS page, as shown.
This page allows you to configure the port number used. Using the Upload button will allow you to upload your own certificate from a trusted Certificate Authority rather than using the camera’s self-signed certificate.
If you decide to use a certificate from a Certificate Authority you must provide them with a Certificate Signing Request (CSR) from the camera. Each camera requires its own, unique certificate from your CA.
NOTE: Do not use wildcard certificates for this purpose.
To generate a CSR file to provide to your CA, navigate to the Generate CSR page, also found under the Security menu. Complete the form on the left as required for your site and needs, then click Apply. The field to the right will populate. You will copy the data from this field into a new text file, but save it as a .CSR file. If you accidentally save the file as .txt, simply replace the .txt file extension with .csr. Provide this file to your CA.
