8021X_USERCA

 

Description

Upload the IEEE 802.1X User Certificate to the device, or remove it from the device.
A camera in an IEEE 802.1X protected network has to pass authentication to gain access to the network. Users can then connect to the camera for video/audio and control messages. There are five basic elements needed in IEEE 802.1X EAP-TLS authentication.

Important Note:

The IEEE 802.1X User Certificate is removed from the device when the device executes the factory default command. As a result, the device can no longer be accessed in the IEEE 802.1X protected network. Use the CONFIG_RESET URL instead to reset the device configuration while keeping the network configuration, including all certificates.

The device automatically saves the certificate to its flash after the upload. A SAVE and REBOOT must be performed to apply the new certificate.
The firmware does NOT perform the save and reboot automatically after this command.
Make sure all IEEE 802.1X certificates and the user key have been uploaded completely before requesting SAVE_REBOOT. Otherwise the camera might not be accessible again after the reboot.

Input Argument

remove or upload
where
remove: remove the IEEE 802.1X User Certificate from the device.
upload: upload the IEEE 802.1X User Certificate to the device.

No error message is returned if the device holds no IEEE 802.1X User Certificate when the 8021X_USERCA=remove command is received. "OK" is returned in this case.

Here is the network trace for the IEEE 802.1X user certificate upload. The URL in the example is http://172.16.3.14/cgi-bin/update?USER=Admin&PWD=123456&8021X_USERCA=upload.

Stage 1: Send this URL to the device for IEEE 802.1X user certificate upload

GET /cgi-bin/update?USER=admin&PWD=123456&8021X_USERCA=upload HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: zh-tw
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: 172.16.3.14
Connection: Keep-Alive

Stage 2: The device replies to the URL

HTTP/1.0 200 OK
Content-type: text/html

<html><head><title>UPLOAD FILES</title></head>
<meta http-equiv="PRAGMA" content="NO-CACHE"><body>
<form name="UPLOAD_FORM" method="POST" enctype="multipart/form-data" action="update?8021X_USERCA_SAVE">
Certificate File : <input type="FILE" name="UPLOAD_FILE" value="" size="40">
<br>
<input type="submit" value="Apply" name="URL_FIRMWARE_SUBMIT">
<br>
</form></body></html>

Stage 3: Upload the certificate file to the device and get the return code

POST /cgi-bin/update?8021X_USERCA_SAVE HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: http://172.16.3.21/cgi-bin/update?USER=admin&PWD=123456&8021X_USERCA=upload
Accept-Language: zh-tw
Content-Type: multipart/form-data; boundary=---------------------------7d8261316e0708
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: 172.16.3.21
Content-Length: 1046
Connection: Keep-Alive
Cache-Control: no-cache

-----------------------------7d8261316e0708
Content-Disposition: form-data; name="UPLOAD_FILE"; filename="clientCert.pem"
Content-Type: application/x-gzip-compressed

......................................

-----------------------------7d8261316e0708
Content-Disposition: form-data; name="URL_FIRMWARE_SUBMIT"

Apply
-----------------------------7d8261316e0708--

Stage 4: The device replies to the upload

HTTP/1.0 200 OK
Content-type: text/plain
Content-Length: 3

OK

Attribute

Return Message

8021X_USERCA='none' (if there is no IEEE 802.1X user certificate)
or
8021X_USERCA='clientCert.pem' (if there is an IEEE 802.1X user certificate in the device)
or
ERROR: 8021X_USERCA not found (IEEE 802.1X is not supported)

Note: The filename of the IEEE 802.1X user certificate in the device is fixed to clientCert.pem. If the uploaded IEEE 802.1X user certificate has a different filename, the device renames it to clientCert.pem after the upload.

OK (the certificate was uploaded or removed successfully)
or
ERROR: 8021X_USERCA not found (IEEE 802.1X is not supported)
or
ERROR: internal error. error message. (something went wrong during the certificate upload).
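
The important note above says all IEEE 802.1X material must be on the device before SAVE_REBOOT is requested. The following added example (not part of the original documentation or the vendor's code) parses the 8021X_USERCA='...' and ERROR replies listed above and refuses to proceed unless every item is present. It assumes that 8021X_CA and 8021X_USERKEY reply in the same format; `fetch`, `parse_read_reply`, `ready_for_save_reboot` and the sample replies are hypothetical and constructed for illustration.

```python
import re

# Reply formats taken from the "Return Message" section of this page.
_VALUE_RE = re.compile(r"^(?P<name>\w+)='(?P<value>[^']*)'$")
_ERROR_RE = re.compile(r"^ERROR:\s*(?P<detail>.+)$")

# Assumption: 8021X_CA and 8021X_USERKEY answer in the same format.
REQUIRED = ("8021X_CA", "8021X_USERCA", "8021X_USERKEY")


def parse_read_reply(name, body):
    """Classify one reply as present, missing, unsupported, error or malformed."""
    text = body.strip()
    err = _ERROR_RE.match(text)
    if err:
        detail = err.group("detail")
        state = "unsupported" if detail.endswith("not found") else "error"
        return state, detail
    m = _VALUE_RE.match(text)
    if not m or m.group("name") != name:
        return "malformed", text
    value = m.group("value")
    if value in ("none", ""):
        return "missing", value
    return "present", value


def ready_for_save_reboot(fetch):
    """fetch(name) returns the reply body; result is (ok, per-item report)."""
    report = {name: parse_read_reply(name, fetch(name)) for name in REQUIRED}
    ok = all(state == "present" for state, _ in report.values())
    return ok, report


# Constructed sample replies (not captured from a device); 'ca.pem' is made up.
SAMPLE_INCOMPLETE = {
    "8021X_CA": "8021X_CA='ca.pem'\n",
    "8021X_USERCA": "8021X_USERCA='clientCert.pem'\n",
    "8021X_USERKEY": "8021X_USERKEY='none'\n",
}

if __name__ == "__main__":
    ok, report = ready_for_save_reboot(SAMPLE_INCOMPLETE.__getitem__)
    for name, (state, detail) in report.items():
        print(f"{name:14} {state:11} {detail}")
    print("safe to SAVE_REBOOT" if ok else "do NOT reboot: 802.1X material incomplete")
```

In practice `fetch` would wrap the query URL shown in the Example section for each of the three commands.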

Applicability

Platform    Devices                Supported Firmware Version
PlatformA   Camera, Video server   A1D-220-V3.13 and later
PlatformT   Camera, Video server   A1D-310-V4.09 and later
PlatformK   Camera                 A1D-311-V5.02 and later

Status

Valid

See also

8021X_CA, 8021X_USERKEY

Example

http://ip:port/cgi-bin/update?USER=admin&PWD=123456&8021X_USERCA

http://ip:port/cgi-bin/update?USER=admin&PWD=123456&8021X_USERCA=remove
or
http://ip:port/cgi-bin/update?USER=admin&PWD=123456&8021X_USERCA=upload
