Authentication Modes

Station supports four different authentication modes. Each authentication mode is configured by providing specific files with credentials being defined by three types of files (* denotes the credential category such as tc or cups):

  • *.trust: The server’s CA certificate which enables Station to establish trust into the server, whereby server means either LNS or CUPS;
  • *.crt: Private Station certificate;
  • *.key: Private Station key.

No Authentication

In this mode, Station establishes a plain websocket or HTTP connection with no authentication required. All three files *.trust, *.crt, and *.key SHALL be missing or empty.

TLS Server Authentication

Station authenticates the server (LNS or CUPS) by establishing a TLS connection (wss, https) and using the *.trust file to verify that it is talking to the correct and genuine server. The server is not attempting to verify the identity of Station. The *.crt, and *.key files SHALL be missing or empty.

TLS Server and Client Authentication

Station authenticates the server (LNS or CUPS) as before and the server is verifying the identity of Station by asking for its certificate \*.crt and a signature with its private key \*.key.

TLS Server Authentication and Client Token

Station authenticates the server (LNS or CUPS) as before and the server is verifying the identity of the Station by checking a security token provided by Station. The \*.crt file SHALL be missing or empty, and \*.key MUST contain one or more HTTP header fields which contain an authorization token such as:

Authorization: AZ385fgheuyuslo3due

All lines MUST be properly terminated by a CRNL sequence. It is possible to specify multiple lines.