ThingWorx WebSocket-based Edge MicroServer (WS EMS) and Lua Script Resource (LSR) > Examples of Configuring Secure Communications between the WS EMS and an LSR > Medium Security
  
Medium Security
The following examples provide a medium level of security. All communication between the WS EMS and LSR are encrypted and require basic authentication to be accessed. The examples use a self-signed certificate and private key.
* 
This configuration allows self-signed certificates, which is strongly discouraged for a production environment.
To fit the lines of configuration on the page, the lines have been broken up. If you copy/paste the lines, make sure that you adjust the line breaks accordingly. For example, the line containing the cert_chain property in the config.json example has been broken with a CR and extra spaces. You need to remove that line break and extra spaces after pasting it in your configuration file.
To learn about encrypting the passwords and passphrases, see Encrypting Application Keys, Passwords, and Passphrases.
Security Configuration with Authentication, Validation, and Custom Self-Signed Certificate / Key
WS EMS — config.json
LSR — config.lua
"http_server": {
"host": "localhost",
"port": 8000,
"ssl": true,
"certificate": "/ path/to/
certificate/file.pem",
"private_key": "/path/to/
private/key.pem",
"passphrase": "some_encrypted_passphrase",
"authenticate": true,
"user": "emsuser",
"password": "some_encrypted_password""
},
"certificates": {
"validate": true,
"allow_self_signed": true,
"cert_chain" : "/path/to/
ca/cert/list.pem"
}
-- EMS Connection Configuration
scripts.rap_host = "localhost"
scripts.rap_port = 8000

-- EMS Connection TLS Configuration
scripts.rap_ssl = true
scripts.rap_deny_selfsigned = false
scripts.rap_validate = true
scripts.rap_cert_file =
"/path/to/ca/cert/list.pem"

-- EMS Connection Authentication
-- Configuration
scripts.rap_server_authenticate = true
scripts.rap_userid = "emsuser"
scripts.rap_password = "some_encrypted_password"

-- HTTP Server Configuration
scripts.script_resource_host = "localhost"
scripts.script_resource_port = 8001

-- HTTP Server TLS Configuration
scripts.script_resource_ssl = true
scripts.script_resource_certificate_chain =
"/path/to/web/server/certificate.pem"
scripts.script_resource_private_key =
"/path/to/web/server/private/key.pem"
scripts.script_resource_passphrase = "some_encrypted_passphrase"

-- HTTP Server Authentication
-- Configuration
scripts.script_resource_authenticate = true
scripts.script_resource_userid = "luauser"
scripts.script_resource_password = "some_encrypted_password"