How to Enable HTTPS Between Milestone XProtect & Axis Cameras

Enabling HTTPS between Milestone XProtect and your Axis cameras is a great way to secure the communications between Milestone and your devices. In this blog, we’ll explain why securing communications between your VMS and security cameras is important and how to do so effectively using HTTP.
Table of Contents

Cybersecurity is a big issue these days and corporate security and surveillance policies need constant review to proactively address potential threats. Enabling HTTPS between Milestone XProtect and your Axis cameras is a great way to secure the communications between Milestone and your devices. In this blog, we’ll explain why securing communications between your VMS and security cameras is important and how to do so effectively using HTTP.

What is HTTP vs HTTPS?

HTTPS, or “Hypertext Transfer Protocol Secure”, is the secure version of HTTP. Both protocols send data between a website and a web browser. HTTPS encrypts your communications with a website, thereby protecting your data from being intercepted by someone else. 

HTTPS is especially important when you are transferring sensitive data, such as logging into your bank or accessing your security system. By using HTTPS, you can be sure that your information is safe and will not be stolen by hackers.

Why Does HTTPS Matter for Your Video Security System?

By default Milestone XProtect uses HTTP to connect to the camera and to the video stream.  When using HTTP however the credentials are passed between the camera and the recording server in plain text.

This means that a bad guy sniffing the network could quite easily identify the camera’s credential and use them for nefarious means.  HTTPS is a method of securing those credentials from prying eyes.  In this case, enabling HTTPS uses SSL to encrypt the credentials sent by the recording server to the camera instead of sending it in plain text for all to see.

The majority of enterprise video surveillance deployments do not take securing the credentials into consideration at the time of deployment which is why learning how to do this quickly and in bulk after the fact is very important.

If you are using Axis cameras deploying HTTPS with Axis Device Manger, Milestone XProtect and The Boring Toolbox is rather quick.  Below are the steps to take.

How to Enable Certificate Authority in Axis Device Manager

Axis Device Manager is a tool provided free of charge by Axis which will allow you to fully manage the settings of your entire fleet of Axis cameras in bulk. To enable HTTPS between Milestone XProtect & Axis, you must first enable the certificate authority in Axis Device Manager, allowing Axis to start managing certificates.

How To Configure the Certificate Authority in Axis Device Manager

1. Navigate to Configuration > Security > Certificates

2. Under “Certificate authority” header click “Generate”

Be sure to record the password you chose as you will need that when you renew the certificates. With the CA enabled on ADM it is time to deploy HTTPS to the cameras.

3. Click back over to the “Device Manager” tab and select the camera or group of cameras you want to configure HTTPS on.

4. Once selected, right-click, Security > Secure Communication > Enable/disable.

New follow the wizard to install a new certificate generated by the ADM CA and will ignore any other private certificates on the cameras.

5. Select "Enable or renew HTTPS"

6. Select "Use CA certificate in ADM"

7. Confirm the cameras that you want to enable HTTPS on and click Finish

8. Enable both HTTP & HTTPS by right-clicking on the cameras you just enabled HTTPS on, selecting “Configure devices” > “Configure”

This is the last step in ADM is to enable both HTTP and HTTPS on the cameras. HTTP is used by Milestone to initialize the communication to the camera. The camera will then redirect the recording server to use HTTPS.

9. Search for System.BoaGroupPolicy in the configuration pop-up window, scroll to the bottom and enable HTTP & HTTPS on all three options listed in the image below:

How to Enable HTTPS in Milestone XProtect

With certificates deployed to the camera, you can now enable HTTPS in Milestone by adjusting your hardware settings in Milestone Management Client. Without The Boring Toolbox, you’ll need to do this for each camera one by one. We’ve included both sets of instructions below for how to accomplish this task with and without The Boring Toolbox.

How to Update Your Camera Settings in Bulk Using The Boring Toolbox

1. Open The Boring Toolbox and navigate to Hardware​

2. Search for and select the cameras you would like to enable HTTPS on in Milestone​

3. Once all have been selected, toggle “Enable HTTPS” on​ This will update the setting in XProtect and in theory you are done here but I prefer to add one more step

4. Disable and re-enable the hardware ​

This forces Milestone to re-authenticate the hardware using HTTPS and ensures you will Milestone will still be able to pull video. To assist with this, The Boring Toolbox will keep the cameras you just enabled with HTTPS in Milestone checked so that you can quickly click disable hardware in the right context menu and then afterward enable hardware. This allows you to update HTTPS settings on hundreds of cameras in three to five clicks instead of thousands.

Here is a quick video to show you exactly how bulk updates work in The Boring Toolbox: 

How to Update Your Camera Settings Manually in Milestone Management Client

1. Log into the XProtect Management Client​

2. Click on "Recording Servers", expand the recording server​

3. Select a camera hardware, click the settings tab, change HTTPS Enabled to "Yes"​

4. To force re-authentication, right click on the hardware, uncheck "Enable"​

5. Right-click on the hardware, check "Enable"​

6. Repeat all the above steps for EVERY camera you would like to enable HTTPS on​

If you have more than a handful of cameras, you can see why this tedious task might take you an annoying amount of time to complete. 

You can save yourself the headache by signing up for a 30-day free trial of The Boring Toolbox and utilizing the bulk update functionality to change the settings on all of your hardware at once. 

Team Boring

Your go-to XProtect eXPerts. We learn the technical stuff that will save you time and make it less boring.

Team Boring

Your go-to XProtect eXPerts. We learn the technical stuff that will save you time and make it less boring.

You Might Also Enjoy…