Station supports four different authentication modes. Each authentication mode is configured by providing specific files with credentials being defined by three types of files (
* denotes the credential category such as
*.trust: The server’s CA certificate which enables Station to establish trust into the server, whereby server means either LNS or CUPS;
*.crt: Private Station certificate;
*.key: Private Station key.
In this mode, Station establishes a plain websocket or HTTP connection with no authentication required. All three files
*.key SHALL be missing or empty.
TLS Server Authentication¶
Station authenticates the server (LNS or CUPS) by establishing a TLS connection (wss, https) and using the
*.trust file to verify that it is talking to the correct and genuine server. The server is not attempting to verify the identity of Station. The
*.key files SHALL be missing or empty.
TLS Server and Client Authentication¶
Station authenticates the server (LNS or CUPS) as before and the server is verifying the identity of Station by asking for its certificate
\*.crt and a signature with its private key
TLS Server Authentication and Client Token¶
Station authenticates the server (LNS or CUPS) as before and the server is verifying the identity of the Station by checking a security token provided by Station. The
\*.crt file SHALL be missing or empty, and
\*.key MUST contain one or more HTTP header fields which contain an authorization token such as:
All lines MUST be properly terminated by a CRNL sequence. It is possible to specify multiple lines.