|
For examples of secure configurations for communications between the EMS and the LSR, refer to Setting Up Secure Communications for EMS and LSR. These examples are presented in order of least secure (testing purposes ONLY) to most secure (strongly recommended for production environments).
To learn how to encrypt application keys, passwords, and passphrases, refer to Encrypting Application Keys, Passwords, and Passphrases.
Wherever rap appears in the config.lua file, the property is referring to the EMS.
|
Property
|
Description
|
---|---|
scripts.rap_host
|
The host name or IP address of the machine that is running the EMS.
|
scripts.rap_port
|
The port on which the EMS listens for connections from LSR clients.
|
scripts.rap_ssl
|
Whether to enable the use of SSL/TLS for the connection to the EMS. By default the value of this property is true.
|
scripts.rap_userid
|
The user id to present to the HTTP Server of the EMS for authentication.
|
scripts.rap_password
|
The password for that user, AES encrypted. For information about encrypting passwords, refer to Encrypting Application Keys, Passwords, and Passphrases.
|
scripts.rap_server_authenticate
|
Whether to require authentication
|
scripts.fips_enabled
|
If ssl is true, whether FIPS is also used for the connection. The default value is false. Note that if you want to use FIPS, make sure that you download the EMS distribution package that has fips in its name.
|
scripts.rap_cert_file
|
The path to the CA certificate on the machine that is running the LSR.
|
scripts.rap_validate
|
Whether to enable certificate validation when the LSR communicates with the EMS. The default value is true.
|
scripts.rap_deny_selfsigned
|
When certificate validation is enabled and the LSR initiates communication to the EMS, this property is checked. If the value of this property is trueand the EMS is using a self-signed certificate (such as the default one shipped with the EMS), the LSR will refuse to connect and log an error. The default value of this property is true.
|
|
Starting with v.5.4.8, all sensitive data for the EMS and LSR, such as a password, is encrypted, and a data security key property is appended to the end of the configuration file. For details, refer to Automatic Configuration Encryption.
|