ThingWorx Edge MicroServer (EMS) > Configuring Secure Connections (SSL/TLS) > Migrating from the EMS/LSR Built-in Certificates
Migrating from the EMS/LSR Built-in Certificates
The 5.4.5 release of the EMS and Lua Script Resource (LSR) removes the built-in key and certificate that has existed in previous releases. This change means that you will no longer be able to use the use_default_certificate option in the EMS, or the script_resource_use_default_certificate option in the LSR.
Both the EMS and LSR have built-in web servers that support communicating over TLS. You are now required to provide your own certificate and private key file when the EMS and Lua ScriptResource are configured to communicate over TLS.
The following two sections summarize the configuration changes for the EMS and the LSR. For detailed information on creating a private key or a certificate, using a certificate chain between the EMS and the LSR, or using a Certificate Authority List for validation, refer to Using a Custom Certificate and Private Key.
Click the title of a section to display its content. To hide the content, click the title again:
Configuration Changes for EMS (config.json) 
The use_default_certificate option has been removed from the http_server group in config.json. You will now need to add three configuration options when running with SSL
certificate — Path to a PEM encoded certificate file. This can be a self-signed certificate or a certificate chain, meaning it contains the end entity (that is, the server) certificate, followed by n number of Intermediate Certificate Authority certificates.
private_key — Path to a PEM encoded, encrypted private key file.
passphrase — The passphrase to decrypt the private key. This field should be encrypted. To learn how, refer to Encrypting Application Keys, Passwords, and Passphrases)
Example EMS Configuration 
Below is an example configuration

"http_server": {
"host": "localhost",
"port": 8443,
"ssl": true,
"certificate": "/path/to/certificate/file",
"private_key": "/path/to/private/key",
"passphrase": "some_encrypted_passphrase"
},
Configuration Changes to Lua ScriptResource (config.lua) 
The changes for config.lua are:
script_resource_certificate_chain—Path to a PEM encoded certificate file. This can be a self-signed certificate or a certificate chain, meaning it contains the end entity (that is, the server) certificate, followed by n number of Intermediate Certificate Authority certificates.
script_resource_private_key—Path to a PEM encoded, encrypted private key file.
script_resource_passphrase—The passphrase to decrypt the private key. This field should be encrypted. For details on how to encrypt the passphrase, refer to Encrypting Application Keys, Passwords, and Passphrases.
Example of LSR Configuration Changes 
Below is an example configuration for LSR:

scripts.script_resource_host = "127.0.0.1"
scripts.script_resource_port = 8443
scripts.script_resource_ssl = true
scripts.script_resource_certificate_chain = "/path/to/certificate/file"
scripts.script_resource_private_key = "/path/to/private/key/file"
scripts.script_resource_passphrase = "some_encrypted_passphrase"
Configuring Secure Connections (SSL/TLS)
Setting Up Security for the EMS
Using a Custom Certificate and Private Key
Configuring the Connnection from the LSR to the EMS
Was this helpful?