Breadcrumbs

How to setup Certificate based authentication with Bosch?




To set up certificate-based authentication with Bosch, you'll typically need to follow these steps below:


Step-by-step guide


1. In Configuration Manager, go to User Management and press “Add user”

a. Note that the option to select “Certificate” is gray-out
b. Note that the Authorized issuers is the CA you created

image-2023-6-28_13-6-17.png


2.Fill out the User Form

a.Select type of user e.g. service
b.Create new
c.Select a path, this .pfx you will later importinto e.g. Chrome

image-2023-6-28_13-7-2.png


3. Once created, wait a few seconds (it could be needed to toggle between pages) before the “certificate” tick-box becomes active.

Activate and press save

Camera will reboot

image-2023-6-28_13-9-4.png


4. Now the Certificate based user has been configured, you can disable the Password login option via the camera webpage.

All clients who wants to access the camera would need the certificate. Once de-activated, the access via Config-Manager remains

image-2023-6-28_13-11-11.png


5. Once the passwords are deactivated, it looks like:

1.Password un-selected
2.Certificate selected
3.CA filled
4.All 3 user accounts are Yellow underlined and also gray-out
5.User certificate is green and its Certification Path shows no warnings

image-2023-6-28_13-12-22.png



Gain certificate based access via Chrome

Option 1 (Option 2 below after this)


6. Open the Camera webpage (in this example we used Chrome. If correct, you can’t access it):

image-2023-6-28_13-14-20.png


7. Go to Chrome settings > Privacy and Security > Security > Manage Certificates

image-2023-6-28_13-15-11.png


8. Import now the User Certificate (.pfx) you created

image-2023-6-28_13-15-53.png

a. Select to see “all” extensions else you wont see the .pfx

image-2023-6-28_13-17-2.png

b. See in the path if correct file was selected > press next

image-2023-6-28_13-17-40.png

c. See before finish >

i. added to Personal certificates
ii. PFX format

image-2023-6-28_13-18-38.png


9. Refresh now your Chrome camera tab, and select the certificate

image-2023-6-28_13-19-17.png


a. Certificate Information

image-2023-6-28_13-19-52.png


10. Now you will have immediately Certificate based access. No password is required. This option has also been disabled.

image-2023-6-28_13-20-41.png


Option 2

Is to directly add the certificate to the certificate manager. You can import this on each client PC where you want to access this camera from.

a. Put the useraccess.pfx certificate on an USB or copy to PC (desktop)
b. Go to run command certmgr.msc (certificate manager)
c. Choose Action > All Tasks > Import

image-2023-6-28_13-22-9.png


d. Select “All Files” so you be able to view the .pfx extension, and browse to the Certificate

image-2023-6-28_13-22-51.png


e. Store the certificate in “Personal”

image-2023-6-28_13-23-50.png


f. Once finished, it looks like:

image-2023-6-28_13-24-34.png


g. When you now open the camera webpage via HTTPS in a browser (Edge or Chrome), it shall prompt you to accept the certificate. After pressing OK, you can access the camera

image-2023-6-28_13-25-41.png


Once access it from a different machine as where you initially started from it could be that your connection is not secure.
To solve, import your “CA certificate > CertifiedAuthority.crt”
Into your “Trusted root certificates”

image-2023-6-28_13-27-14.png