Medium Security

Examples of Configuring Secure Communications between the EMS and an LSR > Medium Security

Medium Security

The following examples provide a medium level of security. All communication between the EMS and LSR are encrypted and require basic authentication to be accessed. The examples use a self-signed certificate and private key.

This configuration allows self-signed certificates, which is strongly discouraged for a production environment.

To fit the lines of configuration on the page, the lines have been broken up. If you copy/paste the lines, make sure that you adjust the line breaks accordingly. For example, the line containing the cert_chain property in the config.json example has been broken with a CR and extra spaces. You need to remove that line break and extra spaces after pasting it in your configuration file.

To learn about encrypting the passwords and passphrases, refer to Protecting Data with Encryption.

Security Configuration with Authentication, Validation, and Custom Self-Signed Certificate / Key
EMS — config.json	LSR — config.lua
"http_server": { "host": "localhost", "port": 8000, "ssl": true, "certificate": "/ path/to/ certificate/file.pem", "private_key": "/path/to/ private/key.pem", "passphrase": "some_encrypted_passphrase", "authenticate": true, "user": "emsuser", "password": "some_encrypted_password"" }, "certificates": { "validate": true, "allow_self_signed": "true", "cert_chain" : "/path/to/ ca/cert/list.pem" }	-- EMS Connection Configuration scripts.rap_host = "localhost" scripts.rap_port = 8000 -- EMS Connection TLS Configuration scripts.rap_ssl = true scripts.rap_deny_selfsigned = false scripts.rap_validate = true scripts.rap_cert_file = "/path/to/ca/cert/list.pem" -- EMS Connection Authentication -- Configuration scripts.rap_server_authenticate = true scripts.rap_userid = "emsuser" scripts.rap_password = "some_encrypted_password" -- HTTP Server Configuration scripts.script_resource_host = "localhost" scripts.script_resource_port = 8001 -- HTTP Server TLS Configuration scripts.script_resource_ssl = true scripts.script_resource_certificate_chain = "/path/to/web/server/certificate.pem" scripts.script_resource_private_key = "/path/to/web/server/private/key.pem" scripts.script_resource_passphrase = "some_encrypted_passphrase" -- HTTP Server Authentication -- Configuration scripts.script_resource_authenticate = true scripts.script_resource_userid = "luauser" scripts.script_resource_password = "some_encrypted_password"