How to configure HTTPS certificate

You are here:
< Back

Https protocol is Hyper Text Transfer Protocol over Secure Socket Layer. With this protocol,the data transmitted can be encrypted to enhance security level. Hikvision products provide self-signed certificate, which means user can use free Https certificate in local area network. Besides, user can install signed certificate or create certificate request .

This article shows how to configure Https protocol in 3 ways.

1 Self-signed certificate

Self-signed certificate is Hikvision’s private certificate which provides user with secure link to access to device. It’s highly recommended to be used in local area network. Access to the webpage of device (NVR is the sample device in this article), go to

Configuration-Network-Advanced Settings-HTTPS:

Choose Create Self-signed certificate and click create, input the basic information and click ok.

Check Enable and click Save, a self-signed certificate will be installed into the device.

The address format of https is https://IPaddress:Port, notice that all self-signed certificate will pop out below hint, click Continue to this website.

2 Create certificate request

Hikvision products supports quick-export certificate request, you can upload this request to some official certificate authorities.

Click Create, input basic information of certificate, notice that fixed public IP address or domain name is required as Hostname/IP. Notice: Don’t input request password for NVR which runs an older firmware version than V3.4.62.

After creating request, download it to PC. This request could be used to apply for official https certificate.

3 Install signed certificate

After certificate is signed by official authority, user can install it to the device. Notice that the public IP address or domain name must match the device’s actual IP address. User can access to device with https link in public network.

Notice: (1) Only PEM format certificate is supported; (2) NVR can only recognize the certificate which is generated basing on the request exported by itself; (3) A new signature is required when user re-uploads the certificate.