Running Agent DVR under SSL

Running Agent DVR under SSL

By default the local LAN server accepts connections over HTTP only. If you want to secure access to it you can either use the remote portal which already has an SSL certificate setup or you will need to install an SSL certificate on the computer running Agent.


Using the Windows SDK create a Certificate Authority (CA):

makecert -n "CN=vMargeCA" -r -sv vMargeCA.pvk vMargeCA.cer

Create an SSL certificate:

makecert -sk vMargeSignedByCA -iv vMargeCA.pvk -n "CN=vMargeSignedByCA" -ic vMargeCA.cer vMargeSignedByCA.cer -sr localmachine -ss My

Use the MMC GUI to install the CA in the Trusted Authority store

Use the MMC GUI to install the SSL certificate in the Personal store

Bind the certificate to the IP address:port and application:

netsh http add sslcert ipport= certhash=YOUR_CERT_HASH appid={642c92c9-a595-4315-b9cb-3cfdc902805b}

Where YOUR_CERT_HASH is the thumbprint from your SSL certificate which you can find using MMC.

When you have generated the certificate you can switch on SSL only mode in server settings under Local Server.

If the browser fails to connect and you cannot resolve the issue with the certificate you can reset the SSL requirement in Agent by stopping the service, edit the file Agent/Media/XML/config.xml and set RequireLANSSL to "false". Save and restart Agent.