
Using SSL with exacqVision Web Service (Windows)

Version 8.4 and Higher

Follow the instructions in Article 1002 to configure HTTPS support in the Web Service.


Version 8.2 and Lower

SSL, a security system combining authentication and encryption, is used to protect communication between a web server and client. Enabling SSL on a web server gives all clients connecting to that server two key protections:

  1. The client is able to identify the server. There is no way for a fake server to misrepresent itself to a client.
  2. The communication between the client and server is encrypted, preventing a third-party from seeing what data is sent. This ensures the safety of private communication such as usernames and passwords, video data, and more.

NOTE: A self-signed certificate allows you to use a web browser, but it does not work with mobile devices. Only trusted third-party certificates work with mobile devices.

To use SSL in Windows with exacqVision Web Service, complete the following steps:

  1. Either create a self-signed certificate, or purchase a certificate from a trusted third party. (See Creating a Self-Signed SSL Certificate.) The COMMON NAME should be the IP address or FQDN that you use to access your exacqVision Web Service. If acquiring a third-party certificate, you might need to provide the CA with a Certificate Signing Request (CSR) file as follows:

    a. Navigate to https://exacq.com/support/gencsr.php.

    b. Enter all fields to output a .csr file and RSA key file to a zip file. Submit this data to the CA from which you are purchasing the certificate.

    c. If you have purchased a chained certificate, be sure to download the appropriate intermediate bundle.

    d. Place the .crt file and the intermediate bundle file (also a .crt file) from your CA into the Apache\conf directory.
  2. Rename the .crt file to server.crt and the .key file to server.key. Save the .crt and .key files to C:\Program Files (x86)\exacqVision\WebService\Apache\conf\.
  3. Stop exacqVision Web Server using the link on the Start menu.
  4. Open the Web Server Configuration file with Notepad as an administrator from C:\Program Files (x86)\exacqVision\WebService\Apache\conf\httpd.conf.

    Find the following line:

    LoadModule ssl_module modules/mod_ssl.so

    Delete any preceding pound sign (#) characters.

    Find the following line:

    Include conf/extra/httpd-ssl.conf

    Delete any preceding pound sign (#) characters.

    NOTE: Make sure your SSL Certificate File and SSL Certificate Key File are in the Apache\conf directory.
  5. Open the Apache SSL Configuration file in Notepad as an administrator. The file is located at C:\Program Files (x86)\exacqVision\WebService\Apache\conf\extra\httpd-ssl.conf.
    Find the line that begins with:

    FilesMatch "…

    Change it to:

    FilesMatch "\.(cgi|shtml|phtml|php|html)$"

    NOTE: Those lines will also include angle brackets. Do not remove the brackets.

    When finished, save and close the file.
  6. It is recommended, but not required, that you disable the access log for SSL, as this file can grow very large. To do this, open the Apache SSL Configuration file in Notepad as an administrator. The file is located at C:\Program Files (x86)\exacqVision\WebService\Apache\conf\extra\httpd-ssl.conf. Find the line with the following text:

    TransferLog "${SRVROOT}/logs/access.log"

    Change it to:

    #TransferLog "${SRVROOT}/logs/access.log"

    When finished, save and close the file.
  7. Open the Web Service Configuration file in Notepad as an administrator. The file is located at C:\Program Files (x86)\exacqVision\WebService\WebService.ini.
    Add the following lines to the end of the document:

    [Broker]
    ssl_private_key = C:\Program Files (x86)\exacqVision\WebService\Apache\conf\server.key
    ssl_certificate = C:\Program Files (x86)\exacqVision\WebService\Apache\conf\server.crt

    When finished, save and close the file.
  8. Open an exception for TCP port 443 in your firewall.
  9. Start exacqVision Web Server using the link under the Start button.


Tips

  1. When purchasing an SSL certificate, many providers offer an Intermediate Bundle, or additional certificates that need to be present that will link your certificate through the chain to a root certification authority. Usually the provider will also provide documentation that describes how to accomplish this with Apache, but it is a good idea to ask them before or during the purchase process. Exacq is not responsible for making your certs capable of working with Apache.
  2. The httpd-ssl.conf file contains sections for Server Certificate, Server Private Key, Server Certificate Chain, and Certificate Authority. You must modify these sections with the appropriate paths to your specific files.
  3. It is possible to combine all the intermediate certificates that the provider might give you into one file and use that in the Server Certificate Chain section. Again, consult the provider for more information.
  4. You should also find and modify the following line to include the name for which your certificate was issued (your server’s name) instead of:

    ServerName www.example.com:443
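
A pre-start check for the edits in steps 4 and 5 and Tips 2 and 4, written as an added example (it is not Exacq code). It assumes the standard Apache mod_ssl directive names SSLCertificateFile and SSLCertificateKeyFile, which the page does not spell out, and runs against constructed sample text rather than a real installation:

```python
import re

def active(text):
    """Directive lines Apache reads: not blank and not commented out with #."""
    return [l.strip() for l in text.splitlines()
            if l.strip() and not l.strip().startswith("#")]

def check_httpd_conf(text):
    """Step 4: both lines must be present with the leading # removed."""
    wanted = ("LoadModule ssl_module modules/mod_ssl.so",
              "Include conf/extra/httpd-ssl.conf")
    lines = [" ".join(l.split()) for l in active(text)]
    return [f"not enabled: {w}" for w in wanted if w not in lines]

def check_ssl_conf(text):
    """Step 5 and Tips 2 and 4 for httpd-ssl.conf; returns a list of problems."""
    lines, problems = active(text), []
    # Quotes pasted from a web page are often curly. Apache reads those as
    # literal characters, so the pattern or path silently changes meaning.
    problems += [f"curly quotes in: {l}" for l in lines
                 if "\u201c" in l or "\u201d" in l]
    if '<FilesMatch "\\.(cgi|shtml|phtml|php|html)$">' not in lines:
        problems.append("FilesMatch line does not match step 5")
    if any(re.fullmatch(r"ServerName\s+www\.example\.com:443", l) for l in lines):
        problems.append("ServerName is still the www.example.com placeholder")
    for directive in ("SSLCertificateFile", "SSLCertificateKeyFile"):
        if not any(l.split()[0] == directive for l in lines):
            problems.append(f"{directive} is not set")
    return problems

# Constructed samples, not taken from a real installation.
SAMPLE_HTTPD = """\
LoadModule ssl_module modules/mod_ssl.so
#Include conf/extra/httpd-ssl.conf
"""
SAMPLE_SSL = """\
ServerName www.example.com:443
SSLCertificateFile "${SRVROOT}/conf/server.crt"
SSLCertificateKeyFile "${SRVROOT}/conf/server.key"
<FilesMatch \u201c\\.(cgi|shtml|phtml|php|html)$\u201d>
</FilesMatch>
"""

if __name__ == "__main__":
    for problem in check_httpd_conf(SAMPLE_HTTPD) + check_ssl_conf(SAMPLE_SSL):
        print("PROBLEM:", problem)
```

To check a real installation, pass the contents of httpd.conf and extra\httpd-ssl.conf to the two functions instead of the samples.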


Troubleshooting

If exacqVision Web Service does not start after configuring it for SSL, complete the following steps:

  1. Open the Apache error logs, found by default at C:\Program Files\exacqVision\WebService\Apache\logs\error.log.
  2. Look for an entry similar to the following:

    [Wed Mar 04 09:08:54.512004 2015] [ssl:emerg] [pid 19116] AH02565: Certificate and private key www.example.com:443:0 from CERTIFCATE_FILE_NAME.crt and KEYFILE_NAME.key do not match AH00016: Configuration Failed
  3. If you see this entry, complete the following steps:

    a.) Run the openssl utility (found by default at C:\Program Files\exacqVision\WebService\Apache\bin\openssl.exe).

    b.) Run the following commands, replacing the values in all caps with your values:

    openssl.exe x509 -noout -modulus -in PATH_TO_CRT | openssl md5
    openssl.exe rsa -noout -modulus -in PATH_TO_KEY | openssl md5
    openssl.exe req -noout -modulus -in PATH_TO_CSR | openssl md5

    For example:

    openssl.exe x509 -noout -modulus -in ..\conf\certificate.crt | openssl md5
    openssl.exe rsa -noout -modulus -in ..\conf\privateKey.key | openssl md5
    openssl.exe req -noout -modulus -in ..\conf\csr.csr | openssl md5

    c.) Compare the result values from all of the calls. Each resulting string should be identical. If the values do not match, confer with the certificate authority that issued the certificate.


NOTE: 
Web Sockets communication will not work using SSL encryption for Web Service versions 7.2.0 – 7.2.6.


Workaround

Disable Web Sockets in the client configuration page of the browser Client.


Resolution

Update to exacqVision Web Service version 8.4 or later.


Default Windows User Accounts on Exacq Systems

When setting up a new Exacq system, the out-of-box experience will prompt you to create a default operating system account. This account will be given administrative privileges.

Additional user accounts may be created using the Kiosk scripts available on the Desktop. Kiosk user accounts have restricted privileges. The Kiosk account is blocked from all operating system functions and the user can only close the exacqVision Client and log out of the operating system account. This prevents the Kiosk user from shutting down the system, opening web browsers, or from starting and installing other applications while logged in as the Kiosk user. You are given the option to automatically log into the system with the Kiosk user account during creation of the account.

If you license exacqVision software and install it on your own computer, this script is not available, and you are responsible for configuring all operating system accounts and privileges.


Starting iSCSI on Startup with Linux Systems

After you reach the point where everything is logged in (you are able to type iscsiadm -m session and get output), the generic syntax is as follows:

iscsiadm -m node -T <targetname> -p <ip:port> --op update -n node.conn[0].startup -v automatic


The parameters between < and > are substitutions.

The syntax for persistent binding of devices discovered on an internal connection under Ubuntu would look like this:

iscsiadm -m node -p 172.16.16.1 --op update -n node.conn[0].startup -v automatic


Here’s a more complete breakout, with examples from another system with two volumes (vol1-test and vol2-test), each with two connection paths, to log in to:

root@xxx:/etc/iscsi# iscsiadm -m node -l

Login session [iface: default, target: iqn.2003-01.com.pivot3:raige.vol:34xen.defaultpool.vol1-test.600176c30c272e438f96ea2d48669f4a, portal: 10.4.15.164,3260]

Login session [iface: default, target: iqn.2003-01.com.pivot3:raige.vol:34xen.defaultpool.vol1-test.600176c30c272e438f96ea2d48669f4a, portal: 10.3.15.102,3260]

Login session [iface: default, target: iqn.2003-01.com.pivot3:raige.vol:34xen.defaultpool.vol2-test.600176c34e91735e80bcbba748669f4a, portal: 10.4.15.164,3260]

Login session [iface: default, target: iqn.2003-01.com.pivot3:raige.vol:34xen.defaultpool.vol2-test.600176c34e91735e80bcbba748669f4a, portal: 10.3.15.102,3260]


The following is used for persistent binding to just the first volume, by target name:

# iscsiadm -m node -T iqn.2003-01.com.pivot3:raige.vol:34xen.defaultpool.vol1-test.600176c30c272e438f96ea2d48669f4a --op update -n node.conn[0].startup -v automatic

root@xxx:/etc/iscsi# /etc/init.d/open-iscsi restart

 * Disconnecting iSCSI targets                                                  Logout session [sid: 1, target: iqn.2003-01.com.pivot3:raige.vol:34xen.defaultpool.vol1-test.600176c30c272e438f96ea2d48669f4a, portal: 10.4.15.164,3260]

Logout session [sid: 2, target: iqn.2003-01.com.pivot3:raige.vol:34xen.defaultpool.vol1-test.600176c30c272e438f96ea2d48669f4a, portal: 10.3.15.102,3260]

Logout session [sid: 3, target: iqn.2003-01.com.pivot3:raige.vol:34xen.defaultpool.vol2-test.600176c34e91735e80bcbba748669f4a, portal: 10.4.15.164,3260]

Logout session [sid: 4, target: iqn.2003-01.com.pivot3:raige.vol:34xen.defaultpool.vol2-test.600176c34e91735e80bcbba748669f4a, portal: 10.3.15.102,3260]

                                                                         [ OK ]

 * Stopping iSCSI initiator service                                      [ OK ]

 * Starting iSCSI initiator service iscsid                               [ OK ]

 * Setting up iSCSI targets

Login session [iface: default, target: iqn.2003-01.com.pivot3:raige.vol:34xen.defaultpool.vol1-test.600176c30c272e438f96ea2d48669f4a, portal: 10.4.15.164,3260]

Login session [iface: default, target: iqn.2003-01.com.pivot3:raige.vol:34xen.defaultpool.vol1-test.600176c30c272e438f96ea2d48669f4a, portal: 10.3.15.102,3260]

                                                                         [ OK ]


NOTE: This just pulls in that target (vol1-test). Further, we could add by -p 10.3.15.164 in a second operation and pull in one other connection that the above did not add, for vol2-test on an IP basis (or, if this were the first operation, it would have added one connection to each volume). To turn off automatic binding for a given connection, you would use -v manual instead of -v automatic.


Also, none of this takes effect until the iSCSI daemon is restarted.


Enumerating more than Four Serial Ports in Linux

If a system is built with the Radisys motherboard or has two or more eDVR boards, there are more than four serial ports. However, Ubuntu 8.04 enumerates only four serial ports by default. To change the number of serial ports enumerated, complete the following steps:


  1. Edit menu.lst by typing sudo nano /boot/grub/menu.lst
  2. Find the line that starts with # kopt= and ends with ro and add the following to the end: 8250.nr_uarts=16
  3. Save the file by pressing Ctrl-o and then Enter.
  4. Exit by pressing Ctrl-x.
  5. Execute the following command to refresh grub: sudo update-grub


NOTE: The first character in “lst” is the lowercase letter L and not the number 1.


Panasonic NW502 JPEG versus H.264 Issue

If you connect to a Panasonic NW502 camera and the software displays JPEG while MPEG-4 is greyed out, you must enable H.264 video encoding. To do this, browse to the NW502 camera configurator and open the Image page. Then change the Video Encoding Format from MPEG-4 to H.264.


Supported exacqVision Client Languages

The following languages are supported in exacqVision Client as of November 11, 2009:


NOTE: To view the client software in the target language, simply change the Windows language and then run the client software.


Afrikaans
Arabic
Chinese
Danish
Dutch/Flemish
French
French Canadian
Greek
Hebrew
Hungarian
Japanese
Korean
Norwegian (Bokmål and Nynorsk)
Polish
Portuguese
Russian
Serbian
Slovak
Slovene
Spanish (Castilian)
Spanish (Venezuelan)
Spanish (Chilean)
Swedish


Locking Down Linux GRUB (Legacy)

To lock down Linux GRUB, complete the following steps:


  1. Download the attachment lock-grub.sh.
  2. Make it executable: chmod +x lock-grub.sh
  3. Execute the script with your desired password: sudo ./lock-grub.sh admin256


This puts a password entry in /boot/grub/menu.lst as an md5 hash. If you want to change it after running this script, replace the hash with one created with grub-md5-crypt.
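
A way to confirm the result after running the script or after replacing the hash by hand, written as an added example (it is not the contents of lock-grub.sh). It assumes the GRUB Legacy `password --md5 <hash>` line format and the `$1$salt$hash` layout that grub-md5-crypt produces; the hash in the sample is constructed:

```python
import re

# md5-crypt layout: $1$ + salt (1-8 chars) + $ + 22-character digest
MD5_CRYPT = re.compile(r"^\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$")

def audit_menu_lst(text):
    """Classify the GRUB Legacy password state of a menu.lst.

    Returns "md5" if a global `password --md5 <hash>` line precedes the first
    boot entry, "plaintext" if the global password is stored unhashed,
    "malformed" if --md5 is followed by something that is not an md5-crypt
    string, and "none" if no global password is set.
    """
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank or commented-out line
        words = line.split()
        if words[0] == "title":           # global section ends at first entry
            break
        if words[0] == "password":
            if len(words) >= 3 and words[1] == "--md5":
                return "md5" if MD5_CRYPT.match(words[2]) else "malformed"
            return "plaintext"
    return "none"

# Constructed sample; the hash is a placeholder, not a real password hash.
LOCKED = """\
default 0
timeout 3
password --md5 $1$abcdefgh$ABCDEFGHIJKLMNOPQRSTUV
title Ubuntu
root (hd0,0)
"""

if __name__ == "__main__":
    print(audit_menu_lst(LOCKED))
```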


To view code follow the link: http://exacq-staging.instil.co/#/file-manager/1b63f3e9-b6e5-48be-9cd2-14b4a1ad2fad/kb-00597-597-210212


Disabling Automatic Login in Linux

To disable automatic login on Linux, complete the following steps:

  1. Log in to the Admin account.
  2. Run Start -> System -> Administration -> Login Window.
  3. After you enter the admin password, the Login Window Preferences dialog appears. On the Security tab, deselect Enable Automatic Login. You can also change the User to admin if you want to always log in as admin; however, this is not recommended for security reasons.


exacqVision Timestamp Format

All exacqVision video is timestamped in UTC, so there is no ambiguity as to the absolute time when the video was recorded. When exporting video, the time zone of the system on which the video was recorded is not stored. Starting with exacqVision version 3.4, two features were added to make this more transparent to the operators:


  1. In exacqVision Client, an onscreen display shows the server time zone (in offset from UTC) along with the timestamp. If this option is not configured for the camera, the timestamp is shown in the client’s local time.
  2. In ePlayer, the timestamp of the recorded video is shown in the time zone of the local computer on which it is playing, but the time zone offset is shown. Thus, if you watch a video on a computer set to EDT, you might see 2:00 (GMT-4:00), whereas the same video viewed on a computer in CDT would show 1:00 (GMT-5:00). The UTC timestamp is the same in both cases. Knowledge of the physical location of the recording server, which is clearly needed for evidentiary purposes, can correlate the local time of the machine on which the video is being watched to the local time of the server on which it was recorded.


Can the Web Server run on an Exacq EL NVR system?

Yes, exacqVision EL supports a Web Server used to provide the mobile device video access. The Web Server is not installed on EL by default because if it runs simultaneously with exacqVision Client on the EL hardware, performance of both the local client and the Web Server could be noticeably slower (this is the tradeoff for the low power consumption and reduced cost of the Intel Atom processor). The loading introduced by the Web Server is roughly equal to the client. Remote clients connected to the exacqVision Server do not introduce significant CPU loading.


On exacqVision ELP systems, the Intel Celeron processor can run exacqVision Client and Web Server simultaneously. exacqVision Client performance is still dependent on the processor. See Client Workstation Hardware Requirements on this page for more information.


The installation of the Web Service is very easy and no different than for any other Ubuntu Linux-based system. The Web Service installer is available at https://exacq.com/support/downloads.php.
