Migrating from the EMS/LSR Built-in Certificates
The 5.4.5 release of the EMS and Lua Script Resource (LSR) removes the built-in key and certificate that has existed in previous releases. This change means that you will no longer be able to use the use_default_certificate option in the EMS, or the script_resource_use_default_certificate option in the LSR.
Both the EMS and LSR have built-in web servers that support communicating over TLS. You are now required to provide your own certificate and private key file when the EMS and Lua ScriptResource are configured to communicate over TLS.
The following two sections summarize the configuration changes for the EMS and the LSR. For detailed information on creating a private key or a certificate, using a certificate chain between the EMS and the LSR, or using a Certificate Authority List for validation, refer to
Using a Custom Certificate and Private Key.
Click the title of a section to display its content. To hide the content, click the title again:
Configuration Changes for EMS (config.json)
The use_default_certificate option has been removed from the http_server group in config.json. You will now need to add three configuration options when running with SSL
• certificate — Path to a PEM encoded certificate file. This can be a self-signed certificate or a certificate chain, meaning it contains the end entity (that is, the server) certificate, followed by n number of Intermediate Certificate Authority certificates.
• private_key — Path to a PEM encoded, encrypted private key file.
Example EMS Configuration
Below is an example configuration
"http_server": {
"host": "localhost",
"port": 8443,
"ssl": true,
"certificate": "/path/to/certificate/file",
"private_key": "/path/to/private/key",
"passphrase": "some_encrypted_passphrase"
},
Configuration Changes to Lua ScriptResource (config.lua)
The changes for config.lua are:
• script_resource_certificate_chain—Path to a PEM encoded certificate file. This can be a self-signed certificate or a certificate chain, meaning it contains the end entity (that is, the server) certificate, followed by n number of Intermediate Certificate Authority certificates.
• script_resource_private_key—Path to a PEM encoded, encrypted private key file.
Example of LSR Configuration Changes
Below is an example configuration for LSR:
scripts.script_resource_host = "127.0.0.1"
scripts.script_resource_port = 8443
scripts.script_resource_ssl = true
scripts.script_resource_certificate_chain = "/path/to/certificate/file"
scripts.script_resource_private_key = "/path/to/private/key/file"
scripts.script_resource_passphrase = "some_encrypted_passphrase"