Secure web access to DS-7616NI-I2 possible ?

Cyc622

n3wb
Joined
Feb 24, 2018
Messages
9
Reaction score
0
Hi,

I am new to Hikvision NVR / platform.
I purchased a DS-7616NI-I2 (Firmware V4.22.000 build 190821) and already configured my ONVIF cameras and they work fine.

Now I am trying to configure DDNS web access to it using SSL.
I already have the redirection in the router to the NVR ip.

However when I try to access it from the outside at I am always getting the invalid certificate warning from the browser as the NVR certificate is a self signed certificate and not for my-domain.ddns.net

I also tried using the hik-connect platform but there I can only mobile and ivms access, I didn't find a way to have a secure web (browser) access that way either.

So, what is the recommended way to have a secure web access with no certificate warnings ?

Thanks,
Claudio.
 

StewartM

Getting the hang of it
Joined
Dec 11, 2017
Messages
260
Reaction score
75
Location
Cape Town
Not sure this will work in your case but a possible lead. Firefox allows you to add Server Exceptions. In settings under Privacy & Security>Certificates>View Certificates on the Servers tab try add a exception.
1575827186420.png
This works for my VPN setup. Several remote devices that use self-signed certs not longer have invalid cert. warnings using this method.
 

Cyc622

n3wb
Joined
Feb 24, 2018
Messages
9
Reaction score
0
Yes, I know about adding an exception in Firefox, thing is:

1. Most people use Chrome
2. I don't like having to add exceptions to each customer and forcing them to use Firefox.

I really can't believe there is no trusted web secure access out of the box a Hikvision NVR.
Indeed it seems almost funny being the world leading provider of security products, not having such option.

Thanks
Claudio.
 

StewartM

Getting the hang of it
Joined
Dec 11, 2017
Messages
260
Reaction score
75
Location
Cape Town
I could ramble on about several leading manufacturers with the same issue. I haven't run into your issue with Hikvision though. It is possible to add the cert. to the Trusted Root Certification Authorities in Chrome to remedy this but requires each and every client using Chrome to import the cert. It may be possible to use GP if your clients are on a domain. Agreed, it's a headache.
 

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,930
Reaction score
6,778
Location
Scotland
I really can't believe there is no trusted web secure access out of the box a Hikvision NVR.
Indeed it seems almost funny being the world leading provider of security products, not having such option.
On the assumption that you have purchased a certificate signed by a trusted root, check out the configuration option to import it :
1575908068531.png
 

Cyc622

n3wb
Joined
Feb 24, 2018
Messages
9
Reaction score
0
That would be nice: to have the option to import our real ceritificate.
However in latest firmware V4.22.000 Hikvision removed that option, at least I am not able to find it there anymore (see attached). 2019-12-09_14-30-01.png
 

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,930
Reaction score
6,778
Location
Scotland
I unchecked everything still no import button
I don't have that exact model / firmware version of NVR, but I ran through the steps on a camera, as follows, which looks like it should be the same process :

With original self-signed cert, using IE11 with webcomponents active, delete button greyed out.
delete_greyed_out.jpg

Then with the delete button available and listing the prerequisites :
delete_available.jpg
delete_needed.jpg

And then the result after deletion :
import_available.jpg
 

Cyc622

n3wb
Joined
Feb 24, 2018
Messages
9
Reaction score
0
I was able to see the import option, but wasn't able to import my let's encrypt certificate into it.

Anyways I don't like the idea of the web interface installing a local service for working in chrome. I am used to BlueIris that doesn't require anything in the browser to work and it allows me adding the let's encrypt certificate, and was just seeing if I could do the same with Hikvison in order to centralize everything there. But I believe I will keep BlueIris for web access and also automations I have at my home that require MQTT communication that didn't find in Hikvision either.
 

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,930
Reaction score
6,778
Location
Scotland
Anyways I don't like the idea of the web interface installing a local service for working in chrome.
The newer camera firmware supports the websocket and websockets protocol and doesn't need any plugins to render video and do some config tasks.
 

Cyc622

n3wb
Joined
Feb 24, 2018
Messages
9
Reaction score
0
But I don't want to access each camera individually, I want a central interface where I can see all cameras, just as the one I have when I connnect locally to the NVR (GUI 4.0) or the one blueiris offers.
 

Cyc622

n3wb
Joined
Feb 24, 2018
Messages
9
Reaction score
0
Also my current cameras are ONVIF ones from different vendors.
 
Top