Tag: TLS

Categories
Knowledge Support Support exacqVision Server Categories Products

Changing the Mobile Listening Port for exacqVision Server

When using the exacqVision Mobile app with the release of exacqVision Server 24.09 or higher, the exacqVision Mobile app will connect directly to the exacqVision Server service rather than require the intermediary exacqVision Web Service.

By default the service will listen for incoming mobile app connections on port 8443. This may be manually changed by the system administrator to accommodate network needs when needed.

<br>

Product

  • exacqVision Server, version 24.09 and above
  • exacqVision Mobile, version 24.09 and above

<br>

Steps

  1. Log into the system running the exacqVision Server instance with administrative privileges.<br><br>
  2. Locate the following configuration file:
    • Windows: C:\Program Files\exacqVision\Server\nvrsdkpi.xml
    • Linux: /usr/local/exacq/server/nvrsdkpi.xml<br><br>
  3. Open this JSON configuration file with the text editor of your choice.
    • Windows: Open the text editor choosing, ‘Run as Administrator’
    • Linux: Run with sudo privileges when needed.<br><br>
  4. Identify the line that reads:
    &lt;SecureUri value="0.0.0.0:8443" /&gt;<br><br>
  5. Replace ‘8443’ with the port number of your choosing. Be sure this is not a port already in use.<br><br>
  6. Save the file.<br><br>
  7. Restart the exacqVision Server service.

<br>

Categories
User Guides Categories exacqVision Webservice

How to disable TLS version 1.0 in the exacqVision web service – LEGACY

Applicable Versions

This document now applies only to exacqVision Web service 8.8 and earlier. Beginning with version 9.0, the web service no longer uses Apache. If you need to disable TLS 1.0 we recommend the use of a web service gateway. The steps in configuring a web service gateway are detailed in Configuring Nginx or Apache as a Web Service Gateway

<br>

Description

Disabling TLS 1.0 is regularly recommended by security scans. The following steps explain how to disable TLS 1.0.

Note: While TLS1.0 is insecure, it is required for IE8-10 to work by default. Users of those browsers have the ability to enable support for TLS1.1 or 1.2 in their browser settings, but it will have to be done for each user.

<br>

To disable TLS 1.0 in the web service:

  1. Using a text editor, open the file C:\Program Files (x86)\exacqVision\WebService\Apache\conf\extra\httpd-ssl.conf or /etc/evapache/extra/httpd-ssl.conf.
  2. Search for the line starting with SSLProtocol. By default, this line looks like: SSLProtocol all -SSLv2 -SSLv3
  3. Edit the line to add -TLSv1.  For example, the line would now look like SSLProtocol all -SSLv2 -SSLv3 -TLSv1
  4. Save the edited file.
  5. Restart the web service.

There are many variations of security protocol configuration that can be applied to meet a specific user’s needs, many of which fall outside the scope of a KB. Interested individuals should reference Apache’s documentation on configuring the SSL module: https://httpd.apache.org/docs/2.4/en/ssl/

<br>