How to use certificates to authenticate the camera in C#

This Console Application example demonstrates in a really simple manner how to use certificating methods to authenticate the IP camera. To implement this example, you need to have Ozeki Camera SDK installed, and a reference to OzekiSDK.dll should be added to your Visual Studio project.

How to use certificates to authenticate an Onvif camera using C#?

To establish the connection properly between your application and an IP camera you should apply the same code snippet what you have used in the example (How to connect to an IP camera device using C#?). Important: you should study this article in order to find out how to setup your Console Application correctly.

Getting started

To get started it is recomended to Download and Install the latest version of Ozeki Camera SDK. After installation you can find the example code discussed in this page with full source code in the following location on your harddisk:

Download Ozeki Camera SDK: https://camera-sdk.com/p_6513-download-onvif-ozeki-camera-sdk-for-c-sharp.html
Windows forms version: C:\Program Files\Ozeki\Ozeki SDK\examples.zip\Examples\Other\
Configure_Certificates_Console\Configure_Certificates_Console.sln

To compile this example you will need Microsoft Visual Studio installed on your computer.

The additional statements and methods of this example are the following:

If your IPCamera has been connected successfully to your computer then you can use your camera's CertificateManager class.

This operation creates a self-signed certificate. Certificates are identified using certificate IDs. These IDs are chosen by the certificate generation requester. This message contains (if applicable) the requested Certificate ID and additional requested parameters: subject, valid not before and valid not after:

_camera.CertificateManager.CreateCertificate("test", "test", new DateTime(2014, 1, 1), new DateTime(2014, 12, 31));

This operation gets all NVT server certificates for the device (including self-signed). The server certificates are used for TLS authentication purposes. This command lists only the server certificates of the device (not trusted client certificates or trusted roots). The certificates are returned as binary data:

_camera.CertificateManager.GetCertificates();

This operation gets the status (enabled/disabled) of the NVT TLS server certificates:

_camera.CertificateManager.GetCertificatesStatus();

This operation sets the status (enable/disable) of the NVT TLS server certificates. Typically only one NVT server certificate is allowed to be enabled at a time:

_camera.CertificateManager.SetCertificatesStatus(_statusList);

This operation gets the status (enabled/disabled) of the NVT TLS client authentication:

_camera.CertificateManager.GetClientCertificateMode();

This operation sets the status (enabled/disabled) of the NVT TLS client authentication:

_camera.CertificateManager.SetClientCertificateMode(true);

NVT TLS server certificate(s) have been created using the PKCS#10 certificate request command, for example, they can be loaded into the NVT using this command. The certificate ID in the request is optional to set the ID value the NVC wish to have. The NVT may sort the received certificate(s) based on the public key and subject information in the certificate(s):

_camera.CertificateManager.LoadCertificates(_certificatesList);

Use certificates to authenticate the camera example in C#

Program.cs

using System;
using System.Collections.Generic;
using Ozeki.Camera;
using Ozeki.Media;

namespace ConfigureOnvifCameraRemotely10
{
    class Program
    {
        private static IIPCamera _camera;
        private static List<IPCameraCertificate> _certificatesList;
        private static List<IPCameraCertificateStatus> _statusList;

        private static void Main(string[] args)
        {
            _camera = new IPCamera("192.168.112.109:8080", "user", "qwe123");
            _camera.CameraStateChanged += _camera_CameraStateChanged;
            _camera.Start();

            Console.ReadLine();
        }

        private static void _camera_CameraStateChanged(object sender, CameraStateEventArgs e)
        {
            if (e.State == CameraState.Connected)
            {
                Console.WriteLine("Connected");
                _camera.CertificateManager.CreateCertificate("test", "test", new DateTime(2014, 1, 1), new DateTime(2014, 12, 31));
                Console.WriteLine("Certificate created");
                _certificatesList = _camera.CertificateManager.GetCertificates();
                _statusList = _camera.CertificateManager.GetCertificatesStatus();
                _camera.CertificateManager.SetCertificatesStatus(_statusList);
                _camera.CertificateManager.GetClientCertificateMode();
                _camera.CertificateManager.SetClientCertificateMode(true);
                Console.WriteLine("Client certificate mode enabled");
                _camera.CertificateManager.LoadCertificates(_certificatesList);
                Console.WriteLine("Certificate list loaded");
            }
        }
    }
}
	
Code 1 - Use certificates to authenticate the camera example in C#

Please note that none of the cancel and disconnect methods are included in the example because of the demonstrating intent and briefness of the article.

Console output

console output
Figure 1 - Your console output

DISCLAIMER: Please note that the following features will only work if your IP camera supports the given function. You should check the user manual of your IP camera to make sure it supports the feature that you wish to implement in C#.

Related Pages

FAQ

Below you can find the answers for the most frequently asked questions related to this topic:

  1. How can I get the URL of the camera?

    You can get the URL from the producer of the camera. (In the 10th tutorial you can find information on how to create an own IP camera discoverer program.)

  2. I have not managed to build the solution. How to solve it?

    • Please set the Target framework property of the project to .NET 4.0.
    • You should add the OzekiSDK.dll to the references of the solution.
    • Please import the missing classes.

More information