
Manually Configuring HTTPS for Web Service Certificate and Key Path

The following steps are intended for manually setting the certificate and key path for exacqVision Web Service versions 8.4 and higher.

NOTE: Wildcard certificates cannot be uploaded through the exacqVision Web Service administration interface. However, they may be used when manually configured.


Products

  • exacqVision Web Service version 8.4 and above


Steps

  1. Find the web service configuration file:
    • Windows:  C:\ProgramData\Webservice\conf\wfe.json
    • Linux:  /etc/webservice/wfe.json

  2. Open this JSON configuration file with the text editor of your choice.
    • Windows: Open the text editor by choosing ‘Run as Administrator’.
    • Linux: Run with sudo privileges when needed.

  3. Within this file, locate the top-level key ‘webserver’.

  4. One level underneath the ‘webserver’ key, locate the ‘tls’ key.
    • Note: The ‘tls’ key is optional. If it does not exist, create it as follows:
          "webserver": {
              "listen": 80,
              "tls": {
              }
          }

  5. Inside the ‘tls’ key, modify the values for the following fields (creating keys for them if they are not already present):
    • “type”:  The literal string “external” (including the quotes)
    • “listen”:  The port on which you want the web service to conduct HTTPS traffic. The default HTTPS port is 443. Provide this value as a literal number without quotes.
    • “cert”:  The absolute path to your HTTPS certificate (surrounded in double-quote markers, e.g. “/home/admin/certificates/webservice.cert”)
    • “key”:  The absolute path to your HTTPS private key (surrounded in double-quote markers as well)

      If you have followed these steps correctly, the contents of the ‘webserver’ key section of wfe.json should now look something like the following:
          "webserver": {
              "listen": 80,
              "tls": {
                 "listen": 443,
                 "cert": "path/to/your/cert",
                 "key": "path/to/your/key",
                 "type": "external"
              }
          }

  6. Save your changes.

  7. Restart the exacqVision Web Service.
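
A pre-restart check for the procedure above, added here as an example (it is not Exacq's code): it parses the text of wfe.json and reports the mistakes steps 4 and 5 make possible, such as invalid JSON, a quoted port, a relative path or a ‘type’ other than “external”. The function name check_tls_block, the sample configuration and the owner-only permission check on the private key are assumptions of this example.

```python
import json
import os
import stat

# Constructed sample (not from a real system): quoted port, relative paths, wrong type.
SAMPLE_BAD = """{
  "webserver": {
    "listen": 80,
    "tls": {"listen": "443", "cert": "certs/web.cert", "key": "certs/web.key", "type": "none"}
  }
}"""


def check_tls_block(config_text, check_files=True):
    """Return a list of problems in webserver.tls; an empty list means it looks sane."""
    try:
        cfg = json.loads(config_text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON (line {exc.lineno}): {exc.msg}"]
    web = cfg.get("webserver") if isinstance(cfg, dict) else None
    tls = web.get("tls") if isinstance(web, dict) else None
    if not isinstance(tls, dict):
        return ["webserver.tls block is missing"]
    problems = []
    if tls.get("type") != "external":
        problems.append('tls.type must be the string "external"')
    port = tls.get("listen")
    if type(port) is not int or not 1 <= port <= 65535:
        problems.append("tls.listen must be an unquoted port number (1-65535)")
    for name in ("cert", "key"):
        path = tls.get(name)
        if not isinstance(path, str) or not os.path.isabs(path):
            problems.append(f"tls.{name} must be an absolute path")
        elif check_files and not os.path.isfile(path):
            problems.append(f"tls.{name} file not found: {path}")
        elif check_files and name == "key" and os.name == "posix":
            # Assumption: the key should be accessible only to its owner
            # (the account the web service runs as).
            if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
                problems.append("tls.key is accessible to group/other users")
    return problems


if __name__ == "__main__":
    for problem in check_tls_block(SAMPLE_BAD, check_files=False):
        print("PROBLEM:", problem)
```

To check a real installation, pass the contents of the wfe.json file from step 1 to check_tls_block and leave check_files at its default.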


exacqVision Web Service User Manual

exacqVision-Web-Service-Configuration-Guide-24.03.pdf

exacqVision Web Service Configuration

exacqVision-Web-Service-Configuration-20.12.pdf

SCN-00000010 – Explaining Web Service Architecture Change

SCN #: SCN-00000010
Title of SCN: Explaining Web Service Architecture Change
TRAC #:
Effective Version: 9.0.0
Products Affected: Web Service
Reason for Change (Summary): To better address the root of customer questions about Web Service security without creating more confusion.

Change

Engineering has requested that Support Technicians refrain from explaining the new Web Service as “having a ‘Go’ Web Front End”.  Rather, let the customer know that the new Web Server is “Custom”, or “written in-house”.  By comparison, it’s unnecessary to offer that ESM is primarily written in Python, or that the Client uses C++ and wxWidgets.  For detailed information on why this is necessary, and what customers are really asking, see below.

Additional Documentation

Apache HTTP Server Project

Go Programming Language

https://trac.exacq.com/DVR/wiki/WebServiceRearch

https://tycosecurityproducts.com/CyberProtection/CyberProtection.aspx

https://www.johnsoncontrols.com/buildings/specialty-pages/product-security

KB 47080 – Configuring Nginx or Apache as web service gateway

https://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard

Other Information

Customers who have been receiving security compliance scans are accustomed to needing to update their Web Service to get the latest security fixes.  Since version 2.4.0, the open-source Apache has been used by the exacqVision Web Service.  Apache is widely used around the world, and is (along with every other major Web Server) a common target of malicious attack.  This necessitated a process of “ever-updating” to make sure the customer is not vulnerable to the latest threats.

Beginning in Web Service version 9.0, the Apache HTTP Server was removed in favor of using a custom, in-house built Web Server.  This was not simply to achieve “security through obscurity”; rather, we now have much more control over what changes are made to our Web Server, as well as the ability to optimize the functionality with our product.  This has led to great gains in the speed of Web Service functions.

Customers are now asking what the new Web Server is and what implications this has for the security of the Web Service.  In trying to understand the change, many Support Technicians are in the habit of explaining the new Web Service as “having a ‘Go’ Web Front End”.  This is because the new Web Server is written in the Go Programming Language.  However, it’s unnecessary to offer what language the software is written in.  Engineering has requested that we refrain from offering that it’s written in “Go” since this will inevitably lead to further unneeded questions.

What customers are really asking is: “What effect does this change have on maintaining a secure Web Service?”  The answer is: “It depends.”

Normally, customers’ concerns regarding Web Service security are raised by a PCI Compliance Scan as required by the ‘Payment Card Industry Data Security Standard’.  Since Apache versions are closely monitored in these scans, and the exacqVision Web Service required user interaction to update the embedded Apache, our software commonly showed as problematic on these scans.  Since all PCI scans are different, customers should re-run these scans after updating to 9.0 to see if they still show vulnerabilities.  If any are found, customers are encouraged to set up their own web service gateway and enforce custom security policies as their company requires.  Instructions can be found in KB 47080.  Customization of the exacqVision Web Server security policies will be limited, but not impossible.  If many customers are reporting the same issue, this will need to be escalated to the Engineering team for consideration.


Downgrading exacqVision Web Server

Issue

Due to the configuration migration that occurs when upgrading to exacqVision Web Server 9.6, you cannot downgrade from 9.6 or higher versions to 9.4 or earlier versions using an older installer.


To downgrade to a version of exacqVision Web Server prior to 9.6 you must completely uninstall exacqVision Web Server and then run the old installer. 


Note:  Once you are on 9.6 or higher, you can then upgrade or downgrade to any version 9.6 or higher using the desired version’s installer.


Downgrading-exacqVision-Web-Server.pdf

Identifying exacqVision Development Software Versions

Software

Continuing changes to exacqVision software follow a standardized version control system which allows for quick identification of the type of build that is being installed. Software is numbered by a 4-part system as follows: [major].[minor].[revision].[build]

The first 2 elements will tell you the calendar year and month.  Version 23.06.776000.0 was released in the year 2023, on the 6th month (June).  The last 2 elements will increment as software continues to be developed.  For instance 23.03.3.x was released after 23.03.2.x and will contain improvements or fixes that didn’t exist previously.

Software is typically released every quarter.  Version 23.03 was released on March 15th 2023.


When troubleshooting, it may be necessary to install a development build that has not been publicly released.  There are 4 main categories of builds:

  1. Development Branch: These builds are intended for active development by Software Engineers to implement features and enhancements.  A branch build should only be given to a customer with specific instructions from an Engineer for validation purposes.
  2. Trunk: Software changes that have passed code review and automated regression testing and have been merged into trunk.
  3. Release Candidate (RC) Branch: A month prior to the Public release, the current development trunk becomes a Release Candidate (RC) branch and code changes are manually tested.
  4. Public: These are Release Candidates that have been posted to the public Downloads page on or before the 15th day of the following months: March, June, September, December.  There may be multiple versions as future fixes may be back-patched to the public release.


Development Branch builds can be identified by the 3rd number set.  They will always be 4 or more digits long.  For instance 23.06.776000.0 is a Development Branch build.

Trunk is identified by the same number set.  The 3rd set will always be 3 digits long.  Version 23.06.100.0 is a trunk build.


Important

Since different levels of testing occur at different stages of the development process, it’s important to remember that a Development Branch, Trunk or RC Branch (prior to Public release) build may include fixes for specific issues, but has not yet completed the full cycle of testing that a Public build has.

Artifactory Example


Time Zone Only Shows UTC-0 Option

Symptom

In the exacqVision Client software on the ‘System Configuration’ page, under the ‘Date/Time’ tab, the Time Zone drop down menu has only one option, UTC-0.


Problem

The user cannot set the proper server time zone.

Affecting only Windows systems, the script that obtains the time zones from the operating system has failed. The ‘timeconfig.ps1’ script will fail if the system is running PowerShell 2.0.

To check the version of PowerShell installed, open a PowerShell command prompt and enter:

Get-Host | Select-Object Version


Solution

Steps to correct:

  1. Update the installed version of PowerShell to 3.0 or higher.
  2. When the update has completed, restart the system.
  3. Run the exacqVision Server installer over the top of the existing install.
  4. Open the exacqVision Client software and set the proper time zone.


Removal of Web Sockets from Web Service

ExacqVision Web Service version 7.2 introduced video streams over web sockets.

Web Sockets were removed in favor of other performance enhancements with version 9.6.


ESM May Not Connect to Web Service with Self-Signed Certificate

Symptom:

The camera video feed section in ESM displays an SSL error message.


Problem:

ESM may not connect to the exacqVision Web Service if the web service is using a self-signed certificate. This may be more prevalent on systems where TLS/SSL was configured after being added to ESM.

ESM did not automatically detect the scheme change and requires the user to manually configure the scheme.


Solution:

Upgrade ESM to version 5.8 or higher. 


ESM-May-Not-Connect-to-Web-Service-with-Self-Signed-Certificate.pdf

Enabling IPv6 Support for exacqVision Web Service 9.0 – 9.4

NOTE: The backend for the exacqVision Web Service was changed in version 9.6. This document does not apply to Web Service versions 9.6 and higher.

Best Practice is to use the latest version of Web Service available.


The exacqVision Web Service listens for incoming connections from web browsers and the mobile app using IPv4 by default. Beginning with version 9.0 of the web service you may configure this to listen for connections using IPv6. The following instructions detail how to configure this:

Open the following file in a text editor:

Windows: C:\ProgramData\Webservice\conf\wfe.json
Linux: /etc/webservice/wfe.json

Add the “address” line as shown below. Replace the address in the following example with the IPv6 address of your outward bound network interface.

{
    "webserver": {
        "listen": 80,
        "address": "cd5d::f0aa:3400",
        "tls": {
            "listen": 443,
            "cert": "",
            "key": ""
        }
    }
}

If you are configuring this file for HTTPS redirection, using Article 702, you may place the “address” line under the “tls” block. 

NOTE: This will only apply to inbound connections to the exacqVision Web Service. At this time, connections to the exacqVision Server/evAPI do not support IPv6.
