Technical Application Note 0009

Enable and configure SSL settings on Carrida Cameras

Revision:4.6.1
Date:2021-03-03
Contact:support@carrida-technologies.com
Copyright:2017-2021 Carrida Technologies GmbH, Ettlingen, Germany
Author:Carrida

Home page

Table of Contents

1   Introduction

This TAN describes the setup of SSL on all Carrida cameras. The procedures described in this TAN are valid on all camera systems which are supported by Carrida, including the Carrida Cam Basic+ models.

2   SSL Components

All SSL related files are placed in:

/srv/carrida/.ssl_cert/

We call this the SSL folder in the remainder of this TAN.

The Carrida ANPR server uses fix filenames for SSL related files. The SSL should folder contain the following files when SSL is properly configured:

  • ssl_en [enable flag]
  • key.pem
  • cert.pem
  • cert_chain.pem [optional]
  • .ssl_pass [optional]

Based on the definition of the SSL protocol, the files have the following function:

ssl_en
Is an empty file that is used to enable/disable usage of SSL on the server. In other words, it switches between HTTP and HTTPS protocols. The presence of this file is considered as a flag to enable the SSL/TLS protocol, otherwise this protocol will not be used and the Carrida webGUI is available at the port 80 (HTTP). Note that SSL is disabled per default.
key.pem
Contains the private key related to the SSL certificate.
cert.pem
This is the SSL certificate that will be used by the server.
cert_chain.pem [optional]
This file is used to load a whole chain of certificates issued by intermediate CA up until the root CA that was used to generate the certificate.
.ssl_pass* [optional]
This is also an optional file which is intended for the storage of the pem password for private key encryption.

3   Setup of SSL on the camera

As mentioned above, the SSL is per default disabled. Upon installation of Carrida, the SSL directory contains only a self-signed certificate-key pair (cert.pem and key.pem). These default certificates render the connection as unsafe when you connect to the camera using your web browser.

3.1   Enabling SSL

In order to enable SSL on the camera or any board with the Carrida ALPR server, the ssl_en file should be created in or uploaded to the SSL directory.

3.2   Using your own certificates

Your own SSL certificate-key pair should be renamed as mentioned above. If the certificate chain is placed in an extra file, it should be renamed to cert_chain.pem. Furthermore, if the private key is password protected, a hidden text file .ssl_pass is to be created containing only the password string.

All prepared files can be uploaded to the Carrida camera. After a server restart the SSL properties will be loaded and used. HTTPS as well as SSH access to the camera is now available.

In the case of failure while loading the certificate, the server will start to listen at the (unsecure) port 80.