10
default certificate (since AXIS Device Manager only allows one server certificate per device, and
the default certificate qualifies as both, client and server certificate).
If a Certificate Authority has been configured in AXIS Device Manager in step 1 (root CA or
intermediate CA), it is not required to remove the self-signed certificate on the device because
AXIS Device Manager will know the certificate which needs to be used is the one just generated.
By default, devices with 7.20 and above allow "HTTP & HTTPS”, which means an exclusive
HTTPS connection will be available after Enabling HTTPS in AXIS Device Manager.
Limitations
• Non-default ports (other than 443) are not supported.
• All certificates in an install batch must have same passphrase.
• If a device has HTTPS active and an already-uploaded certificate only containing
the hostname (i.e. not an IP address), then:
o Automatic discovery: It is possible to find and add the device as long as "use
hostname when possible” is checked. If it is not checked, the device cannot be
added.
o IP range discovery: It is not possible to find or add the device, regardless of the
"use hostname when possible" checkbox, since IP range discovery doesn't
handle any hostname.
o Add device from address: It is possible to add the devices as long as the
hostname is entered in the Address field, not the IP.
Use hostname checkbox mentioned in previous section
• Certificate operations over unencrypted channels, i.e. "Basic" are not supported. Devices
should be set to "Encrypted & unencrypted" or "Encrypted only" to allow "Digest"
communication.
• HTTPS cannot be enabled on the AXIS T85 PoE+ Network switch series.