Data integrity is a basic building block of security and of protecting sensitive data from theft or breach. To prevent tampering with data in transit, client-server applications use the TLS (Transport Layer Security) protocol to communicate across the network. TLS provides methods for exchanging keys, encrypting data, and authenticating message integrity, thereby establishing a secure connection.
NCache is an in-memory distributed caching solution that fully supports SSL/TLS encryption between client and server for a secure connection. It supports the most recent TLS version 1.2 and lets you enable SSL/TLS encryption through a short series of configuration steps, with no code change. This blog briefly explains how to enable SSL/TLS between your server and client using NCache.
Why Use SSL/TLS in the First Place?
Before going into the detail of how to do it, let us understand why to do it. SSL/TLS encrypts the communication between the server and the client. Encrypted data simply means secure communication in which no outside party can read the information shared. For applications or websites that need high-level security, such as online money transactions where only the communicating parties should see the information, SSL/TLS encryption is a savior. Read more about encryption in NCache in the blog Diving Deeper into Encryption.
TLS relies on a certificate during the initial exchange between the server and the client, called the SSL/TLS handshake. The certificate holds the information required for encrypting the data between both parties. It contains a public key that the server shares, and the client establishes the connection with the server once the key matches. This ensures that only the parties connected through the public key can communicate and that no third party can decrypt the messages. Have a look at Figure 1 for more clarity:
Having understood that, let us talk about NCache. As mentioned earlier, the advantage of NCache is that it lets you enable SSL/TLS encryption with no code change. It is an easy procedure that establishes communication over a secure connection between the server and the client. Before going into detail on how to do it, there are a few prerequisites to consider.
Prerequisites to Enable SSL/TLS Configuration
- You need to generate a self-signed certificate if you do not already have one. To create one please refer to Generating Self Signed Certificates.
- Make sure that the certificate you are using contains a private key.
- The private key must be exportable to all nodes including the client machine.
- Make sure that you have no cache and client processes running.
NCache provides SSL/TLS encryption for both Windows and Linux. The step-wise process for both is explained below:
Step by Step SSL/TLS Configuration in Windows
Follow the steps below on the NCache server and the client machine to configure SSL/TLS encryption for NCache in Windows:
Step 1: Enable SSL/TLS Certificate in NCache
- Using the Registry Editor, enable the certificate for NCache under the key HKEY_LOCAL_MACHINE\SOFTWARE\Alachisoft\NCache. For a production environment, it is recommended that the certificate be issued by a certificate authority.
- Create a new key named TLS and add the following properties to it:
|Property|Description|
|---|---|
|CertificateName|Name of the certificate for NCache SSL security. The type is a string.|
|CertificateThumbprint|A string-based identifier for the certificate.|
|Enabled|Set to 1 to enable SSL/TLS and to 0 to disable it.|
|RequireClientCertificate|Set to 1 if the SSL certificate must exist on both the server and the client; set to 0 if the certificate is not mandatory on the client machine.|
- As shown in the properties, the certificate name and thumbprint are required. To find them, open the Microsoft Management Console and add the certificate by clicking Add/Remove Snap-in from the File menu.
- Add a certificate with My User Account and open the Trusted Root Certification Authorities folder. Go to Details: the Friendly Name is the certificate name, and the Thumbprint (without spaces) is the certificate thumbprint value.
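The registry step above can also be scripted so that the thumbprint is read from the certificate object instead of being copied by hand. This is an added example, not NCache's own tooling; the friendly name is a hypothetical placeholder, and writing all four properties as string values is an assumption (the page states the type only for CertificateName).

```powershell
# Added example, not NCache's own tooling. Run in an elevated Windows PowerShell
# session as the same user that imported the certificate.
$friendlyName = 'ncache-tls-cert'   # hypothetical friendly name; use your own
$keyPath      = 'HKLM:\SOFTWARE\Alachisoft\NCache\TLS'

# Look the certificate up in the store used in the steps above
# (current user, Trusted Root Certification Authorities).
$found = @(Get-ChildItem -Path Cert:\CurrentUser\Root |
    Where-Object { $_.FriendlyName -eq $friendlyName })
if ($found.Count -ne 1) {
    throw "Expected exactly one certificate named '$friendlyName', found $($found.Count)."
}
$cert = $found[0]

# Prerequisite from the list above: the certificate must contain a private key.
if (-not $cert.HasPrivateKey) { throw 'Certificate has no private key.' }
if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate expired on $($cert.NotAfter)." }
if ($cert.Subject -eq $cert.Issuer) {
    Write-Warning 'Self-signed certificate: use a CA-issued one in production.'
}

# Take the thumbprint from the certificate object rather than pasting it from the
# MMC details pane, so no spaces or hidden characters end up in the registry.
$values = [ordered]@{
    CertificateName          = $cert.FriendlyName
    CertificateThumbprint    = $cert.Thumbprint
    Enabled                  = '1'
    RequireClientCertificate = '1'   # '0' if a client certificate is not mandatory
}

if (-not (Test-Path $keyPath)) { New-Item -Path $keyPath -Force | Out-Null }
foreach ($name in $values.Keys) {
    # Assumption: every property is stored as a string (REG_SZ) value.
    New-ItemProperty -Path $keyPath -Name $name -Value $values[$name] `
        -PropertyType String -Force | Out-Null
}

# Show what was written so it can be compared across server and client nodes.
Get-ItemProperty -Path $keyPath | Select-Object @($values.Keys)
```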
Step 2: Connect the Client Using the Certificate
- On the client machine, set the value of RequireClientCertificate to 1 as per requirements.
- Now restart the client and cache processes along with the NCache service. Make sure that the NCache service is running under the same user that imported the certificate.
Step by Step SSL/TLS Configuration in Linux
Follow the steps below on the NCache server and the client machine to configure SSL/TLS encryption for NCache in Linux:
Step 1: Login as NCache User and Create Directory
You need to ensure that you are logged into your Linux machine as the NCache user. After that, you have to create a home directory for NCache. Issue the following commands to create a home directory and give NCache its ownership:
sudo mkdir /home/ncache
sudo chown ncache /home/ncache
Step 2: Install Certificates on Your Machine
Once your home directory has been created, you need to install the certificates on your Linux machine. The following PowerShell commands create a store object with the store name Root and then install the SSL/TLS certificate RootCA.pfx in that store:
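An added example of this installation step, using the .NET X509Store API from PowerShell; it is not the post's original commands. The CurrentUser store location and the prompt for the PFX password are assumptions; the store name Root and the file RootCA.pfx come from the text above.

```powershell
# Added example, not the original post's commands. Run in PowerShell (pwsh) as the
# ncache user from the directory that holds RootCA.pfx.
# .NET on Linux keeps per-user certificate stores under the user's home directory.
$pfxPath  = Join-Path (Get-Location) 'RootCA.pfx'
$password = Read-Host -Prompt 'PFX password' -AsSecureString   # not echoed or logged

# Exportable matches the prerequisite that the private key can be exported to other nodes.
$flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]'Exportable, PersistKeySet'
$cert  = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($pfxPath, $password, $flags)

if (-not $cert.HasPrivateKey) { throw 'RootCA.pfx does not contain a private key.' }

# Assumption: the store location is CurrentUser; the store name Root is from the text.
$store = [System.Security.Cryptography.X509Certificates.X509Store]::new('Root', 'CurrentUser')
try {
    $store.Open('ReadWrite')
    $store.Add($cert)

    # Confirm the certificate is really in the store before moving on.
    $installed = $store.Certificates.Find('FindByThumbprint', $cert.Thumbprint, $false)
    if ($installed.Count -eq 0) { throw 'Certificate not found in store after Add.' }
}
finally {
    $store.Close()
}

# The thumbprint printed here has no spaces and can be used as the certificate thumbprint value.
"Installed $($cert.Subject) with thumbprint $($cert.Thumbprint)"
```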
Step 3: Configure the tls.ncconf File
Many configuration files are shipped with the NCache setup. Among them is the tls.ncconf file. This file is responsible for enabling and configuring TLS/SSL with NCache. The following is a sample tls.ncconf file configuration where TLS/SSL is enabled and the name of the certificate along with the ThumbPrint value of the certificate are also provided:
Step 4: Restart NCache Service
Once you have gone through the steps above, restart the client and cache processes along with the NCache service. Make sure that the NCache service is running under the same user that imported the certificate. Once this is done, you can proceed to connect your client application as well.
Verify Successful Client Connection
NCache provides a rich set of PowerShell tools for management and client operations, one of them being the Test-Stress tool. It simulates a heavy transactional load on a cache to monitor NCache performance under stress. A successful run shows that the connection between the client and the NCache server has been established. You can run this tool from Windows PowerShell with the following command:
Test-Stress -CacheName your-cache-name
The output window shows the activity on the cache when the command runs, as shown below:
This is it; you can easily and seamlessly make secure connections and ensure encrypted communication over the network with NCache. To make sure that you face no issues while enabling the SSL/TLS encryption, please refer to the Troubleshooting section of the documentation where the commonly faced issues are discussed.
What have we learned?
We have discussed how to enable SSL/TLS security with NCache. NCache lets you secure your data with encryption that can be enabled easily with no code change. It guarantees encrypted data transmission between the server and the client. Not just this, NCache has a lot of other features that make your data secure. You can check out the other features on Security and Encryption in NCache.