Medium Security

Examples of Configuring Secure Communications between the EMS and an LSR > Medium Security

Medium Security

The following examples provide a medium level of security. All communication between the EMS and LSR are encrypted and require basic authentication to be accessed. The examples use a self-signed certificate and private key.

This configuration allows self-signed certificates, which is strongly discouraged for a production environment.

To fit the lines of configuration on the page, the lines have been broken up. If you copy/paste the lines, make sure that you adjust the line breaks accordingly. For example, the line containing the cert_chain property in the config.json example has been broken with a CR and extra spaces. You need to remove that line break and extra spaces after pasting it in your configuration file.

Security Configuration with Authentication, Validation, and Custom Self-Signed Certificate / Key
EMS — config.json	LSR — config.lua
"http_server": { "host": "localhost", "port": 8000, "ssl": true, "certificate": "/ path/to/ certificate/file.pem", "private_key": "/path/to/ private/key.pem", "passphrase": "some_encrypted_passphrase", "authenticate": true, "user": "emsuser", "password": "some_encrypted_password"" }, "certificates": { "validate": true, "allow_self_signed": "true", "cert_chain" : "/path/to/ ca/cert/list.pem" }	-- EMS Connection Configuration scripts.rap_host = "localhost" scripts.rap_port = 8000 -- EMS Connection TLS Configuration scripts.rap_ssl = true scripts.rap_deny_selfsigned = false scripts.rap_validate = true scripts.rap_cert_file = "/path/to/ca/cert/list.pem" -- EMS Connection Authentication -- Configuration scripts.rap_server_authenticate = true scripts.rap_userid = "emsuser" scripts.rap_password = "some_encrypted_password" -- HTTP Server Configuration scripts.script_resource_host = "localhost" scripts.script_resource_port = 8001 -- HTTP Server TLS Configuration scripts.script_resource_ssl = true scripts.script_resource_certificate_chain = "/path/to/web/server/certificate.pem" scripts.script_resource_private_key = "/path/to/web/server/private/key.pem" scripts.script_resource_passphrase = "some_encrypted_passphrase" -- HTTP Server Authentication -- Configuration scripts.script_resource_authenticate = true scripts.script_resource_userid = "luauser" scripts.script_resource_password = "some_encrypted_password"

Was this helpful?