01-14-2018 03:59 AM - edited 03-18-2019 01:46 PM
01-14-2018 09:46 PM
It depends on which "TLS Verify" you are referring to - but in general, having this turned on is more secure than leaving it turned off, but you must have the infrastructure to support it.
There are multiple "TLS Verify" settings which you can find mentioned in the Admin Guide:
Network [1] IEEE8021X TlsVerify
Verification of the server-side certificate of an IEEE802.1x connection against the certificates in the local CA-list when TLS is used. The CA-list must be uploaded to the video system. This can be done from the web interface.
This setting takes effect only when Network [1] IEEE8021X Eap Tls is enabled (On).
Requires user role: ADMIN, USER
Default value: Off
Value space: Off/On
Off: When set to Off, TLS connections are allowed without verifying the server-side X.509 certificate against the local CA-list. This should typically be selected if no CA-list has been uploaded to the codec.
On: When set to On, the server-side X.509 certificate will be validated against the local CA-list for all TLS connections. Only servers with a valid certificate will be allowed.
SIP TlsVerify
For TLS connections a SIP CA-list can be uploaded to the video system. This can be done from the web interface.
Requires user role: ADMIN
Default value: Off
Value space: Off/On
Off: Set to Off to allow TLS connections without verifying them. The TLS connections are allowed to be set up without verifying the x.509 certificate received from the server against the local CA-list. This should typically be selected if no SIP CA-list has been uploaded.
On: Set to On to verify TLS connections. Only TLS connections to servers, whose x.509 certificate is validated against the CA-list, will be allowed.
There is also Certificate Verification for HTTP and LDAP Server and Client site Certificates.
Please remember to mark helpful responses and to set your question as answered if appropriate.
01-14-2018 09:46 PM
It depends on which "TLS Verify" you are referring to - but in general, having this turned on is more secure than leaving it turned off, but you must have the infrastructure to support it.
There are multiple "TLS Verify" settings which you can find mentioned in the Admin Guide:
Network [1] IEEE8021X TlsVerify
Verification of the server-side certificate of an IEEE802.1x connection against the certificates in the local CA-list when TLS is used. The CA-list must be uploaded to the video system. This can be done from the web interface.
This setting takes effect only when Network [1] IEEE8021X Eap Tls is enabled (On).
Requires user role: ADMIN, USER
Default value: Off
Value space: Off/On
Off: When set to Off, TLS connections are allowed without verifying the server-side X.509 certificate against the local CA-list. This should typically be selected if no CA-list has been uploaded to the codec.
On: When set to On, the server-side X.509 certificate will be validated against the local CA-list for all TLS connections. Only servers with a valid certificate will be allowed.
SIP TlsVerify
For TLS connections a SIP CA-list can be uploaded to the video system. This can be done from the web interface.
Requires user role: ADMIN
Default value: Off
Value space: Off/On
Off: Set to Off to allow TLS connections without verifying them. The TLS connections are allowed to be set up without verifying the x.509 certificate received from the server against the local CA-list. This should typically be selected if no SIP CA-list has been uploaded.
On: Set to On to verify TLS connections. Only TLS connections to servers, whose x.509 certificate is validated against the CA-list, will be allowed.
There is also Certificate Verification for HTTP and LDAP Server and Client site Certificates.
Please remember to mark helpful responses and to set your question as answered if appropriate.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide