SSL certificates explained simply – why they are important for cameras
Trust is the be-all and end-all in the security industry.
But the crucial question is: Who or what do we actually trust?
As a rule, we trust
- what we can perceive with our own senses,
- what is comprehensible,
- or what has been confirmed to us by a trustworthy source.
A few simple examples:
- I trust my car’s brakes because they are regularly serviced at my garage in accordance with the manufacturer’s specifications.
- I entrust my money to my bank because I assume that it will be kept safe there.
- I trust a kindergarten because friends and family have recommended it to me.
Trust is therefore created through personal experience or through trustworthy external confirmation.
The bridge to camera security
Let’s imagine a simple situation:
A camera in the garden monitors the barbecue hut with the expensive ‘Smoker 3000’.
I can view the camera image on my PC or smartphone.
As I can see both the camera and the barbecue hut from my living room, I can check with my own eyes:
Is the image really up to date?
Did it really come from my camera?
Here I can build trust with my own senses.
When trust is no longer visibly verifiable
The situation is different on a large company premises:
- Dozens of cameras
- No direct visual contact
- High material assets
- Critical infrastructure
Here, I can no longer check whether the image is real ‘from my living room window’.
The crucial question is:
Is the image displayed really coming from this camera –
or from a manipulated device that only shows a still image in an endless loop?
Or is it a fake site set up by a hacker to steal my camera access data, for example?
The solution: SSL certificates
An SSL certificate (correctly: TLS certificate) fulfils two important tasks:
- It confirms the authenticity of the device
- SSL also ensures encrypted communication
We are familiar with this principle from online banking:
When I visit my bank’s website, my browser displays a padlock symbol.
Why?
A trusted certification authority (CA) has verified that:
- the bank exists
- the website actually belongs to the bank
My browser trusts this certification authority.
That’s why I know:
I am truly connected to my bank –
and my login details are transmitted in encrypted form.
The same principle applies to MOBOTIX cameras
This technology can also be used for cameras:
- The certificate confirms the authenticity of the camera.
- Communication is encrypted.
- Tampering and eavesdropping are prevented.
Self-signed vs. publicly signed certificates
Self-signed certificates
These can be created yourself using MxMC, for example.
Features:
- Free of charge
- Same strong encryption technology
- Ideal for internal company networks
- Admin must store the certificate once in the browser or system
Comparison:
A company ID card.
It is completely trustworthy internally –
but outside the company, no one knows it and it cannot be used to enter the United States!
Ideal if:
- Only company employees have access
- All devices are managed by your own IT department
Publicly signed certificates (CA certificates)
Features:
- Usually subject to a fee
- Fixed term
- Automatically trusted worldwide
- No manual storage in the browser required
Comparison:
A passport that is internationally recognised.
Ideal if:
- External access is required
- Cameras are accessible via the internet
- Company policies require this
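How the two certificate types look from a client that pulls data from a camera over HTTPS, as an added Python example (not MOBOTIX or MxMC code): with a publicly signed certificate the system trust store is enough, while with a self-signed one the admin's exported PEM file is the only thing trusted. The function names, the PEM file and the optional fingerprint check are assumptions made for this illustration.

```python
import hashlib
import hmac
import socket
import ssl


def camera_tls_context(ca_file=None):
    """Build a verifying client context for a camera's HTTPS interface.

    ca_file=None -> publicly signed certificate, system trust store is used.
    ca_file=path -> self-signed or internal CA certificate (PEM) that the
                    admin exported once; nothing else is trusted.
    """
    if ca_file is None:
        ctx = ssl.create_default_context()
    else:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.load_verify_locations(cafile=ca_file)
    # Both branches keep CERT_REQUIRED and host name checking switched on.
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def fingerprint_matches(der_cert, expected):
    """Compare the SHA-256 of a DER certificate with a noted fingerprint."""
    wanted = expected.replace(":", "").replace(" ", "").lower()
    actual = hashlib.sha256(der_cert).hexdigest()
    return hmac.compare_digest(actual, wanted)


def check_camera(host, port=443, ca_file=None, expected_fp=None, timeout=5.0):
    """Return (ok, detail); never falls back to an unverified connection."""
    ctx = camera_tls_context(ca_file)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                der = tls.getpeercert(binary_form=True)
                if expected_fp and not fingerprint_matches(der, expected_fp):
                    return False, "chain verified, but fingerprint differs"
                return True, tls.version()
    except ssl.SSLCertVerificationError as exc:
        # Unknown issuer, expired certificate or wrong host name end up here.
        return False, "certificate rejected: " + exc.verify_message
    except OSError as exc:
        return False, "connection failed: " + str(exc)
```

A rejected certificate is reported to the caller instead of being worked around by switching verification off, which would give up the authenticity guarantee and leave only encryption.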
Important clarification
An SSL/TLS certificate in conjunction with the TLS protocol guarantees:
- Authenticity
- Integrity
- Encrypted communication
Only connections via HTTPS are truly secure.
Recommendation from MOBOTIX AG
Always use SSL certificates to ensure the authenticity of the camera and encrypted communication.
Self-signed certificates are already stored on MOBOTIX cameras in their factory default state (based on the factory default IP address).
Important security note
ROOT certificates and private keys must never be disclosed to unauthorised persons.
Comparison:
They are like the printing plates for banknotes.
These are kept safely stored at the Federal Printing Office – only the finished money is put into circulation.
In brief
SSL certificates in conjunction with the TLS protocol ensure that:
- the camera is really the camera
- no one can manipulate the communication
- no one can read the data
- trust is technically secured
Trust is good.
Technically secured trust is better.
The MxMC SSL Certificate Manager
It offers the option of keeping camera certificates up to date and supports both self-signed certificates and public certificates.
MxMC quickly and conveniently creates device-specific SSL certificates and automatically distributes them to the selected cameras.
The chain of trust remains completely intact and can be traced back to the original root certificate without any gaps.
