*Node configuration
When the INVR software is hosted on the main iProtect server:
In the iProtect™ Aurora menu, go to “Installation” > “Hardware” > “Line”.
Click on the “Search” button.
In the browse window, right-click on the line to which the node should be added and select “Add node”. The details pane will open.
Select the following specifications
Node type : “iNVR”
Max disk usage : 80 (recommended)
Active : (mark field)
HTTP port : 4040 (default value)
HTTPS port: 443 (default value) (available from iProtect version 10.01)
IP address : The iProtect™ server IP address from which the server is connected to access control substations (Pluto, ipu-8, Polyx, etc)
GUI IP address : The IP address from which iProtect™ clients should retrieve pictures. During local use, the IP address used by the GUI to connect to the INVR server. If an additional external connection is also in place (e.g. across a router), a host name instead of an IP address can be used. A DNS system should be used to allow the GUI to connect to the INVR. If no DNS is available, this name could also be configured in the local host list in all clients; To do this, go to: c:\windows\system32\driversetc\hosts and open it in notepad. At the bottom of the list, add the IP address that you use to access iProtect™ Aurora (can be a router address) and enter the same host name as configured in iProtect™ Aurora.
Click on “Save”.
When the INVR software is hosted on a dedicated iProtect INVR server:
The dedicated iProtect INVR server must use the same iProtect version as the iProtect main server. a iProtect license is however not required, since only the INVR process will be used.
Synchronize iprotectjava.key
Download the keystore from the iProtect main server
Login to the maintenance page of the iProtect main server
Click: iProtect > Standby > Download > Keystore
Extract the *.taz file en retrieve the iprotectjava.key
Upload the iprotectjava.key to the dedicated INVR server
On the INVR server replace the file with SFTP in folder:
iProtect version 10.01 and lower: /home
iProtect version 10.02 and higher: /home/atlas
Restart the JAVA processes:
Login to the maintenance page of the iProtect main server
Click: iProtect > Services > General > Restart user interface
Synchronize certificates (for iProtect version 10.02 and higher)
From iProtect version 10.02 and higher we only support video images over https. Video images will than only be shown when the certificate of the dedicated INVR server is recognized/ has the same CA as the iProtect main server. If the certificate for the iProtect main server is provided by the customer the certificate for the dedicated INVR server must also be provided by the customer (same CA).
If the iProtect main system is in “OwnCA” mode than the iProtect main server must provide this certificate.
Create certificate CSR on the dedicated INVR server
Login to the maintenance page of the iProtect main server
Click: iProtect > Certificate > Configuration
At option, select: Create CSR certificate request
At certificate, enter the necessary certificate details, at the Subject Alternative Names field enter the IP-addresses and/ or DNS names (comma separated) used by the GUI to connect to the dedicated INVR server
Click: iProtect > Certificate > Download, and click: CSR certificate request to download the CSR
Let the customer sign the CSR in case the customer provides the certificates, or sign the CSR on the iProtect main server:
Login to the maintenance page of the iProtect main server
Click: iProtect > Certificate > Configuration
At Upload CSR: Upload the CSR file. a check will be performed and when OK the certificate will be signed, a download button will appear
Click the download button, the signed certificate and the public root certificate will be downloaded in a *.zip file
Install the certificate on the iProtect dedicated INVR server:
Login to the maintenance page of the iProtect main server
Click: iProtect > Certificate > Configuration
At option, Install certificate: Select the downloaded *.zip, and click post
A check will be performed, when OK the activate button will be shown
Click the activate button to activate the certificate
Create INVR node
In the iProtect™ Aurora menu, go to “Installation” > “Hardware” > “Line”.
Click on the “Search” button.
In the browse window, right-click on the line to which the node should be added and select “Add node”. The details pane will open.
Select the following specifications
Node type : “iNVR”
Max disk usage : 80 (recommended)
Active : (mark field)
HTTP port : 4040 (default value)
HTTPS port: 443 (default value) (available from iProtect version 10.01)
IP address : The iProtect™ dedicated INVR server IP address
GUI IP address : The IP address from which iProtect™ clients should retrieve pictures. During local use, the IP address used by the GUI to connect to the INVR server. If an additional external connection is also in place (e.g. across a router), a host name instead of an IP address can be used. A DNS system should be used to allow the GUI to connect to the INVR. If no DNS is available, this name could also be configured in the local host list in all clients; To do this, go to: c:\windows\system32\driversetc\hosts and open it in notepad. At the bottom of the list, add the IP address that you use to access the iProtect™ Aurora dedicated INVR server (can be a router address) and enter the same host name as configured in iProtect™ Aurora for the dedicated INVR server.
Click on “Save”.
When the INVR software is hosted on a Windows server:
The Windows INVR installer must be the same iProtect version as the iProtect main server.
Synchronize iprotectjava.key
Download the keystore from the iProtect main server
Login to the maintenance page of the iProtect main server
Click: iProtect > Standby > Download > Keystore
Install the INVR service with the iprotectjava.key on the Windows server
Put the iprotect.key.sun.taz file in the same folder as the INVR for Windows installer file
Run the INVR for Windows installer, the iprotectjava.key will be automatically installed
Do not change the name of the iprotect.key.sun.taz file, otherwise the installation of the iprotectjava.key will failed.
Synchronize certificates (for iProtect version 10.02 and higher)
From iProtect version 10.02 and higher we only support video images over https. Video images will than only be shown when the certificate of the dedicated INVR server is recognized/ has the same CA as the iProtect main server. If the certificate for the iProtect main server is provided by the customer the certificate for the dedicated INVR server must also be provided by the customer (same CA).
If the iProtect main system is in “OwnCA” mode than the iProtect main server must provide this certificate.
Creating certificate CSR file on the windows INVR server
To create the certificate for the Windows INVR software we will use the tool “Keystore explorer”
1.Download and install “Keystore explorer” from https://keystore-explorer.org/
Start keystore explorer
Click: Create new keystore
Select PKCS#12, and click OK
Right click and select Generate key pair
Leave on default (RSA) and click OK
Change validity end to the desired end date and Click add extensions
Click use standard template, select CA, than OK
Click the green + and add extension Subject Alternative Name, click OK
10. Add all DNS names/ addresses that are used to connect to the INVR host system and click OK
11.Set certificate settings, as desired (the printscreen is a example)
12. Click OK until the dialogue is closed, when asked for “Enter Alias”, tomcat must be filled. click OK
When asked for the password, at default this must be changeit (*can be different if desired)
13. Right click on just created keypair and select: Generate CSR
14. Set the location where the file is saved and click OK
Signing process of the certificate CSR file and creating .keystore file.
Let the customer sign the CSR in case the customer provides the certificates, or sign the CSR on the iProtect main server:
Login to the maintenance page of the iProtect main server
Click: iProtect > Certificate > Configuration
At Upload CSR: Upload the CSR file. a check will be performed and when OK the certificate will be signed, a download button will appear
Click the download button, the signed certificate and the public root certificate will be downloaded in a *.zip file
Install the certificate on the Windows INVR server:
Extract the iprotect-signed-csr.zip file
Import the “signed-csr.crt” file by right clicking the certificate and selecting: Import CA Reply > From File
Import all root and intermediate certificates to complete the chain, by right clicking the certificate and selecting: Import Edit Certificate Chain > Append Certificate
Check certificate, by right clicking the certificate and selecting: View Details > Certificate Chain Details
If all is OK, save this certificate as .keystore in the INVR home folder. Default location: c:\iNVR\home\.keystore (replace the default .keystore file)
Restart the INVR service
Start services.msc
Restart the INVR process, by right clicking the service and than click “restart”
*If the password for the certificate is other than changeit, than this should be adjusted in the file: C:\iNVR\home\atlas\iprotect\catalina_base\conf\server.xml
Create INVR node
In the iProtect™ Aurora menu, go to “Installation” > “Hardware” > “Line”.
Click on the “Search” button.
In the browse window, right-click on the line to which the node should be added and select “Add node”. The details pane will open.
Select the following specifications
Node type : “iNVR”
Max disk usage : 80 (recommended)
Active : (mark field)
HTTP port : 4040 (default value)
HTTPS port: 4443 (available from iProtect version 10.01)
IP address : The iProtect™ dedicated INVR server IP address
GUI IP address : The IP address from which iProtect™ clients should retrieve pictures. During local use, the IP address used by the GUI to connect to the INVR server. If an additional external connection is also in place (e.g. across a router), a host name instead of an IP address can be used. A DNS system should be used to allow the GUI to connect to the INVR. If no DNS is available, this name could also be configured in the local host list in all clients; To do this, go to: c:\windows\system32\driversetc\hosts and open it in notepad. At the bottom of the list, add the IP address that you use to access the iProtect™ Aurora Windows INVR server (can be a router address) and enter the same host name as configured in iProtect™ Aurora for the Windows INVR server.
Note that in this setup, the HTTPS port setting is port 4443 instead of 443.
Click on “Save”.