Note: These instructions are for both Agent DVR and iSpy

The free version of the local LAN server accepts connections over HTTP only. The technology Agent DVR uses will work locally over HTTP but for remote connections it needs SSL. If you want secured remote access to Agent DVR you will need to use the remote web portal which has a secure connection to Agent, SSL certificates configured for browser access and secured high bandwidth routing servers for connection establishment and media transfer.

Agent from v3.4.4.0+ supports SSL connections on the local network but only if you have an active subscription or a business license.

SSL install on Windows

Using the Windows SDK create a Certificate Authority (CA):

makecert -n "CN=vMargeCA" -r -sv vMargeCA.pvk vMargeCA.cer

Create an SSL certificate:

makecert -sk vMargeSignedByCA -iv vMargeCA.pvk -n "CN=vMargeSignedByCA" -ic vMargeCA.cer vMargeSignedByCA.cer -sr localmachine -ss My

Use the MMC GUI to install the CA in the Trusted Authority store

Use the MMC GUI to install the SSL certificate in the Personal store

Bind the certificate to the IP address:port and application:

netsh http add sslcert ipport= certhash=YOUR_CERT_HASH appid={642c92c9-a595-4315-b9cb-3cfdc902805b}
Important: If you are installing this certificate for iSpy instead of Agent, change 8090 in the command above to 8080 (or whatever port you have set it to run on in iSpy settings)

Where YOUR_CERT_HASH is the thumbprint from your SSL certificate which you can find using MMC.

When you have generated and installed the certificate and you have a valid subscription you can switch on SSL only mode in server settings under Local Server.

SSL install on Unix (Linux/ Mac)

Setting up SSL on Unix is different to Windows. You will need to use a reverse proxy. See NGINX Reverse Proxy for an example.


If the browser fails to connect and you cannot resolve the issue with the certificate you can reset the SSL requirement in Agent DVR by stopping the service, edit the file Agent/Media/XML/config.xml and set RequireLANSSL to "false". Save and restart Agent.