ThingWorx WebSocket-based Edge MicroServer (WS EMS) and Lua Script Resource (LSR) > Examples of Configuring Secure Communications between the WS EMS and an LSR > High Security
  
High Security
The following examples provide a high level of security. All communication between the WS EMS and LSR are encrypted and require basic authentication to be accessed. The examples use a custom certificate and private key. The certificate is validated against a custom CA list. This configuration disallows self-signed certificates. This configuration is the recommended configuration for all production systems.
To learn about encrypting passwords and passphrases, see Encrypting Application Keys, Passwords, and Passphrases.
Highly Secure Configuration: Authentication, Validation, and Custom Certificate / Key
WS EMS — config.json
LSR — config.lua
"http_server": {
"host": "localhost",
"port": 8000,
"ssl": true,
"certificate":
"/pathto/cert/file.pem",
"private_key":
"/pathto/private/key.pem",
"passphrase": "some_encrypted_passphrase",
"authenticate": true,
"user": "emsuser",
"password": "some_encrypted_password"
},
"certificates": {
"validate": true,
"allow_self_signed": false,
"cert_chain" :
"/path/to/ca/cert/list.pem"
}
-- EMS Connection Configuration
scripts.rap_host = "localhost"
scripts.rap_port = 8000

-- EMS Connection TLS Configuration
scripts.rap_ssl = true
scripts.rap_deny_selfsigned = true
scripts.rap_validate = true
scripts.rap_cert_file =
"/path/to/ca/cert/list.pem"

-- EMS Connection Authentication
-- Configuration
scripts.rap_server_authenticate = true
scripts.rap_userid = "emsuser"
scripts.rap_password = "some_encrypted_password"

-- HTTP Server Configuration
scripts.script_resource_host = "localhost"
scripts.script_resource_port = 8001

-- HTTP Server TLS Configuration
scripts.script_resource_ssl = true
scripts.script_resource_certificate_chain =
"/path/to/web/server/certificate.pem"
scripts.script_resource_private_key =
"/path/to/web/server/private/key.pem"
scripts.script_resource_passphrase = "some_encrypted_passphrase"

-- HTTP Server Authentication
-- Configuration
scripts.script_resource_authenticate = true
scripts.script_resource_userid = "luauser"
scripts.script_resource_password = "some_encrypted_password"