Generate & Apply SSL Certificates for Diamond Cameras & Recorders

HTTPs provides authentication of the web site and protects user privacy. In this guide, we will show how to set up the HTTPS certificate and access your Diamond device in a secure manner. The steps are valid for any Diamond device such as an IP camera, NVR, XVR, etc.

HTTPS Certificate Setup on Security IP Cameras (Dahua)

Access the camera

First, you need to access the camera via the web browser and log into it using your username and password.

Once you log in with your credentials (use Internet Explorer), navigate to the HTTPS settings that can be found Setting > System > Safety > HTTPS (below the main menu). If you can’t find the HTTPS section, then your camera doesn’t support this function.

Create an HTTPS certificate

An HTTPS certificate creates a protocol that is used to encrypt and decrypt the data going from the browser to the camera and the opposite.

Here we will show you how to create and install a certificate for your camera. This certificate must be installed on every computer/laptop that you’ll use to access your camera remotely.

Under HTTPS, select the create button under “Create Certificate“. Fill out your country’s initials, input the IP address of the device you are making the Certificate for, and select create.

IP or Domain Name: Enter the static external IP address or domain name that you have set up to access your camera. In other words, you can add three types of values:

• LAN IP address: if the camera is going to be used on the local network only (not remotely)

• External IP address: this is the IP address that you use to see the camera remotely (after you have done port forwarding).

• Domain name: this is the case if you use DDNS or a domain name for your camera.

Country: here you can add your country, it should be abbreviated to two letters only. Some examples: United States – US, Canada – CA, United Kingdom – UK

Valid email address: enter your email address.

The rest is optional, you may fill it out if your client requires it. Otherwise, it doesn’t affect the setup process. To leave it empty, just enter “none”.Additionally, you can also specify how many days you would like the certificate to be valid (for example 365 days)

Make sure every information is entered correctly (no typos) and then click the “Create” button. Clicking the create button will copy your information and create a certificate request.
In the next step click the Download button and export your certificate on the computer. Make sure you know what folder the file is saved. If you’re using this certificate for multiple computers, save it on a USB drive or on the cloud.
If you don’t install the certificate on your computer (from where you access your camera or CCTV system), then the browser will send out alerts that the camera connection is unsecure. Below are the steps on how to easily install this certificate.

Browse to the folder or the directory when you saved the certificate in (the previous steps), for example on the Desktop folder.

When double-clicking the certificate file, it will automatically open up the Certificate details, click “Install Certificate…” to import it.
On the next window, you’ll see the “Certificate Import Wizard”, choose the local machine if multiple users use the computer. If the computer is only ever used by one person then select ‘Current User’. Click next to start the import procedure.
Then click the “Place all certificates in the following store” selection, after that select “Trusted Root Certification Authorities” and click OK to finish importing your HTTPS certificate.

Once done, you should receive a success message. If not, there is something wrong with your Windows installation, you may need to contact the network administrator (or Microsoft) to figure out what’s wrong.

Install the certificate on the camera

Get back to the camera interface and enable the HTTPS at the top (same section as step 1).

Then click the “Install” button, it will usually take 30 seconds for the camera to go through the installation. Once successfully done, you should see the Attribute fields populated. Click Save to finish it.
Note: You should see an ‘Operate Succeeded!’ message, if not then the certificate is not valid. Addiotitlalu, make sure the HTTPS checkbox is enabled. In some models, the camera or the recorder may reboot automatically (for the HTTPS to take effect).

Check to see if HTTPS is working

After the camera or recorder has rebooted, we need to make sure the HTTPS is in fact properly working. You need to access the camera using the IP address (or domain name) for which the certificate was created in the previous steps.

Open up the Internet Explorer and type the IP address on the URL bar. For example, start with https:// followed by the IP address, let’s say: https://82.11.XXX.XXX.
You may get a warning from the browser the first time you access the camera using the https protocol. Depending on the browser, all you have to do is to mark the website as safe and it will not show anymore.

Another error that you may see is the message “TLS out of date”, simply refresh the page and the error will be cleared. Additionally, the data from the camera may take longer to load up since the data is being encrypted and decrypted.

And these are all the steps that you need to follow in order to have the HTTPS protocol implemented in your camera. From now on, all the communications and the data transferred from and to the camera via the web browser will be secure.