Preventing compromised certificates from being used in your system

If you suspect that an encryption certificate has been compromised, you can prevent the certificate from ever being used again in your system by removing it from the Archiver and deleting all key streams that were generated with that certificate.

What you should know

The encryption certificate (containing the private key) is what allows a client machine to query the Archiver for encrypted data, and to decrypt the key stream and the data when it is received from the Archiver. For more information, see How does fusion stream encryption work?
CAUTION: If you remove from the Archiver the last certificate used to encrypt a camera, the camera ceases to be encrypted and all future data from that camera becomes accessible to all machines in your system. However, data that was previously encrypted remains encrypted.

To prevent an encryption certificate from being used in your system:

  1. From the Config Tool home page, open the Video task.
  2. Do one of the following:
    • If encryption is configured at the Archiver level, select the Archiver and click the Camera default settings tab.
    • If encryption is configured at the camera level, select the camera and click the Recording tab.
  3. From the Certificates list, select the compromised certificate, and click Remove the item.
    NOTE: You cannot leave Encryption on if there are no certificates configured.
  4. Click Apply.
  5. In the message box that appears, do one of the following:
    • Click Yes to delete the selected certificate with the associated key streams (client-specific key streams).
      BEST PRACTICE: This is the recommended choice if you know your certificate has been compromised.
      CAUTION: If this certificate is the only certificate from which you can access your encrypted data, deleting it means you can never recover your data.
    • Click No to delete only the selected certificate from the Archiver, without deleting the associated key streams.

      This option stops the Archiver from generating new key streams from the selected certificate, which prevents the affected client machines from accessing new data from the encrypted camera. It does not prevent data that was archived before this operation from being accessed from machines on which the selected certificate is installed.

  6. Click Apply.