Sound familiar? You log into the web interface of your brand-new IP camera, and a big, red "Not Secure" warning greets you in your browser's address bar. This can be annoying, and using an HTTP connection poses a security risk. But how can we make that green padlock appear without buying expensive, public certificates? We’ll show you how to set up your own “certificate factory” (Local CA) in a simple way. Keep reading if you’re interested in the topic!
When an IP camera is in its factory default state, its web interface (HTTP) is unencrypted. This means your login credentials (username, password) travel across the network as plain text, which a skilled attacker can easily intercept. Modern browsers (Chrome, Edge) warn you about this with a red "Not Secure" label.
The solution is to use an HTTPS (encrypted) connection. However, this requires a digital certificate. There’s no need to turn to an expensive third-party provider; we can set up our own “Certificate Authority” (Local CA), for which a Synology NAS is the perfect tool. This will be our “Boss,” authenticating our devices.
The process starts with a "handshake." The Techson camera generates a Certificate Signing Request (CSR), or we create one ourselves, which contains its data (e.g., IP address). We send this request to our own CA, which digitally signs it. The result is a validated certificate and the corresponding private key, which we download back to the camera in a single package (PEM file).
Once we’ve uploaded the certificate to the camera and “introduced” our own CA to our computer’s browser (by adding it to the trusted root certificates), the magic happens. The browser recognizes the valid signature, the connection becomes encrypted, and the reassuring green padlock appears in the address bar. Communication is now secure.
Generating your own certificates may seem complicated at first, but as the diagrams show, the process is logical and can be carried out in-house. With this method, we can not only get rid of the "Not Secure" label, but we can also make the management of our camera system truly secure without relying on external service providers.