8021X_USERKEY

 

Description

Upload or remove IEEE 802.1x User Key to or from the device.
The camera in IEEE 802.1x protected network has to pass the authentication to get the access right to the network. Then, users could connect to the camera for video/audio and control messages. There are five basic elements needed in the IEEE 802.1x EAP-TLS authentication.

Important Note:

The IEEE 802.1x User Key will be removed from the device when the device executed the factory default command. That causes the device could not be accessed anymore in the IEEE 802.1x protected network. The CONFIG_RESET URL should be used if users want to reset device configurations but keep network configurations including all certificates.

The device will save the IEEE 802.1x user key into its flash after the upload automatically. It needs to perform SAVE and REBOOT to apply new user key.
The firmware has NOT perform the save and reboot automatically after this command.
It is very important to make sure all IEEE 802.1x certificates and user key have been uploaded completely before request the SAVE_REBOOT. Otherwise the camera might not be able to access again after the reboot.

Input Argument

remove or upload
where
remove: remove the IEEE 802.1x user key from device.
upload: upload the IEEE 802.1x user key to the device.

No error message returned if there is no IEEE 802.1x user key in the device when 8021X_USERKEY=remove command was received. The "OK" will be returned in this case.

Here is the network trace for the IEEE 802.1x user key upload. The URL in the example is http://172.16.3.14/cgi-bin/update?USER=Admin&PWD=123456&8021X_USERKEY=upload.

Stage 1: Send this URL to the device for IEEE 802.1x user key upload

GET /cgi-bin/update?USER=admin&PWD=123456&8021X_USERKEY=upload HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: zh-tw
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: 172.16.3.14
Connection: Keep-Alive

Stage 2 : Device reply the URL

HTTP/1.0 200 OK
Content-type: text/html

<html><head><title>UPLOAD FILES</title></head>
<meta http-equiv="PRAGMA" content="NO-CACHE"><body>
<form name="UPLOAD_FORM" method="POST" enctype="multipart/form-data" action="update?8021X_USERKEY_SAVE">
Certificate File : <input type="FILE" name="UPLOAD_FILE" value="" size="40">
<br>
<input type="submit" value="Apply" name="URL_FIRMWARE_SUBMIT">
<br>
</form></body></html>

Stage 3: Upload the image file to device and get the return code

POST /cgi-bin/update?8021X_USERKEY_SAVE HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: http://172.16.3.21/cgi-bin/update?USER=admin&PWD=123456&8021X_USERKEY=upload
Accept-Language: zh-tw
Content-Type: multipart/form-data; boundary=---------------------------7d8261316e0708
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: 172.16.3.21
Content-Length: 1046
Connection: Keep-Alive
Cache-Control: no-cache

-----------------------------7d8261316e0708
Content-Disposition: form-data; name="UPLOAD_FILE"; filename="clientPriv.pem"
Content-Type: application/x-gzip-compressed

......................................

-----------------------------7d8261316e0708
Content-Disposition: form-data; name="URL_FIRMWARE_SUBMIT"

Apply
-----------------------------7d8261316e0708--

Stage 4: device reply this URL

HTTP/1.0 200 OK
Content-type: text/plain
Content-Length: 3

OK

Attribute

Return of Message

8021X_USERKEY='none' (if there is no IEEE 802.1x user key)
or
8021X_USERKEY='clientPriv.pem' (if there is a IEEE 802.1x user key in the device)
or
ERROR: 8021X_USERKEY not found (not support IEEE 802.1x)

Note: The filename of IEEE 802.1x user key in the device is fixed to the clientPriv.pem. If the filename of uploaded IEEE 802.1x user key is not clientPriv.pem, the device will rename it to clientPriv.pem after the upload.

OK (success to upload or remove the certificate)
or
ERROR: 8021X_USERKEY not found (not support IEEE 802.1x)
or
ERROR: internal error. error message. (something wrong in the upload of certificate).

Applicability

Platform Devices Supported Firmware Version
PlatformA Camera, Video server A1D-220-V3.13 and later
PlatformT Camera, Video server A1D-310-V4.09 and later
PlatformK Camera A1D-311-V5.02 and later

Statue

Valid

See also

8021X_CA, 8021X_USERCA

Example

http://ip:port/cgi-bin/update?USER=admin&PWD=123456&8021X_USERKEY

http://ip:port/cgi-bin/update?USER=admin&PWD=123456&8021X_USERKEY=remove
or
http://ip:port/cgi-bin/update?USER=admin&PWD=123456&8021X_USERKEY=upload

Back To

HOME, UPDATE CGI