Invalid Security Certificate

jschulz_680169125388712

How can I obtain a valid security certificate for my RLC-822A camera?

Crimp On_62210811129

I believe the answer is, "The customer cannot replace the SSL Certificate. Live with it."

Modern web browsers have created a "Catch 22" situation with regard to web site security.

• They demand that the SSL Certificate presented by the web site is registered with one of the certificate authorities.
• Specifically, they automatically reject any "self-signed" SSL certificate as being inherently not trustworthy.
• But, it is logically inconsistent for a manufacturer to include a valid SSL certificate in customer products, so they create a self-signed certificate instead. Reolink has a trusted SSL certificate for the Reolink web site. All those cameras are not Reolink. They are thousands of individual customers.

The customer is caught (Catch 22)

• Accessing the product (in this case a camera) using the unencrypted web interface (port 80) results in, "not secure" (i.e. http instead of https)
• Accessing the product using the encrypted web interface (port 443) results in "not trusted". Buried in the denial is a method to "go there anyway." Usually in tiny type.

After the first time, web browsers remember, "go there anyway".

This situation is really annoying.

Christian

You can now upload certificates yourself for the newer models with the latest firmware.
However, that presupposes that you know how to do it.
Even if Reolink installs a valid certificate on its own, it is only temporary.

Crimp On_62210811129

@christian So cool. Could you post a screen shot of this option?

jschulz_680169125388712

I am trying to connect one of the cameras to an Avigilon server but get a communication error and a security warning with the device. the system finds and ID's the camera just fine. But says the video stream is unsecure and can't be encrypted as required. The installed certificate is invalid and just says Test.

jschulz_680169125388712

See Certificate

jschulz_680169125388712

The fact that Reolink refuses to provide valid credentials even upon asking, warrants suspicion as to the reasoning. Something I am very familiar with.

Christian

@jschulz_680169125388712

Are you sure you know how such certificates work at all?

How should the reolink deposit a certificate tailored to you?
You call up the camera via an IP and a corresponding certificate must exist for this.
Even if you use your own FQDN URL, there must be a certificate for it. Reolink cannot do that.

The certificate that is stored there is only intended for an HTTPS connection to be established at all.
The browser reports that it cannot be valid, because it is trying to check it with the CA it knows, but this cannot work.
All of this is completely normal behavior.

And as I said above, please use the WebGUI to see if you don't already find the function to upload your own certificate, as in the picture above.

joseph_1979

@christian Absolutely Correct. Only self signed certificate is used in HTTPS.

user_783763327668419_783763327668419

I know this is an old post but since I found it during searching for more info on SSL I thought maybe others would find my script to renew certificates using the API interesting.

https://gist.[censored]/velzend/895c18d533b3992f3a0cc128f27c0894

Have fun