• Webinars
  • Docs
  • Download
  • Blogs
  • Contact Us
Show / Hide Table of Contents
  • Administrator's Guide
  • NCache Architecture
    • Cache Topologies
    • Cache Cluster
    • Local Cache
    • Cache Client
    • Client Cache
    • Data Load Balancing
    • Cache Server Backward Compatibility
    • Client Backward Compatibility
    • Eviction
    • Indexing
    • Runtime Data Sharing
    • Portable Data Types
    • Class Versioning
    • IP Binding with Multiple NICs
    • Graceful Node Down
    • Separate Cache Host Process
    • Self Healing Dynamic Clustering
  • Configuring Caches
    • Create Cache
      • Creating Local Cache
        • Create New Cache
        • Add Existing Cache
      • Creating Clustered Cache
        • Create New Cache Cluster
        • Add Existing Cache Cluster
    • Remove Cache
    • Clear Cache Contents
    • Adding Server Node in Cache Cluster
    • Removing Server Node from Cache Cluster
    • Configuring Basic Cache Settings
      • Cache Size
      • Cache Isolation Levels
      • Cache Data Expiration
      • Cache Data Format
    • Configuring Cache Cluster Settings
      • Ports
      • Operation Timeout
      • Static Replication Interval
      • Connection Retries
      • Retry Interval
    • Add Test Data to Cache
    • Deploy Providers
    • Configuring Query Indexes
    • Registering Classes for Compact Serialization
      • Registering Non-Generic Classes
      • Unregistering Non-Generic Classes
      • Registering Generic Classes
      • Registering Generic Classes Using Generic Type Handler
    • Registering Classes for Portable Data Sharing
    • Configuring Data Source Providers
      • Read-Through Provider
      • Write-Through Provider
      • Write-Through Provider for Write-Behind Operations
    • Configuring Cache Startup Loader
    • Configuring Cache Level Events
    • Configuring Cache Activity Events
    • Configuring Eviction Policy
    • Configuring Compression
    • Configuring Email Notifications
    • Binding Cluster and Client/Server IP with Multiple NICs
      • Binding Cluster with a Dedicated IP
      • Binding Client/Server with a Dedicated IP
    • Configuring Heartbeat
    • Configuring MapReduce
    • Configuring Communication Reliability
    • Auto Start Cache on Boot
    • Nagling
    • Dual Socket
    • Error Logging
    • Configuration Files
      • Client Side Configurations
        • Client Config
        • EFCaching Config
      • Server Side Configurations
        • Cache Config
        • Bridge Config
        • Security Config
      • Cache Server Configuration
  • Management Operations
    • Start Cache
    • Stop Cache
    • Restart Cache
    • Manage Cache Service on a Server Node
    • Apply Configuration
    • Hot Apply Configuration
    • Reset Configuration
    • Data Load Balancing
  • Configuring Cache Clients
    • Adding Client Node in Cluster
    • Removing Client Node from Cluster
    • Configuring Client Node Settings
    • Creating Client Cache
    • Enable Client Cache on Client Nodes
    • Disable Client Cache on Client Nodes
    • Removing Client Cache
    • Configuring Client Cache Settings
  • Configuring Security
    • Configuring Security for Cache Management
    • Configuring Security for Cache
    • Configuring Security for Client Nodes
    • Configuring Encryption for Cache
    • Configure SSL/TLS Encryption in NCache
  • Configuring Bridge for WAN Replication
    • Creating Clustered Bridge
    • Adding Clustered Caches to Bridge
    • Configuring Bridge Settings
    • Configuring Conflict Resolver
    • Changing Cache Syncronization Modes
    • Configuring Master Cache
    • Force State Transfer
    • Connect/Disconnect Cache in Bridge
    • Remove Cache from Bridge
    • Bridge Management
  • NCache on Docker
    • Using NCache Docker Images
    • Customize NCache Dockerfile
  • Monitoring NCache
    • Cache Counters
    • Monitoring Caches using NCache Manager
      • Changing Management Port of Cache Node
      • Configuring Counters to Display
      • Browse Cache Statistics
      • Cluster Health
      • Monitoring Cache Clusters using NCache Email Alerts
    • Monitoring Caches using NCache Monitor
      • Monitoring with Built-In Dashboard
      • Monitoring with Custom Dashboard
    • Monitoring Bridge using NCache Manager
    • Monitoring NCache using Windows PerfMon Tool
      • Monitoring Cache Server Counters Using PerfMon
      • Monitoring Cache Client Counters Using PerfMon
      • Monitoring Bridge Counters Using PerfMon
    • Logging in NCache
      • NCache Log Viewer
      • NCache Monitor Logging
      • Performance Counters Logging
      • Windows Event Logging
      • Email Notifications on NCache Events
      • Cache Server Logging
      • Client Side API Logging
      • Cache Event IDs
    • Troubleshooting NCache Monitoring
      • Computer Name Not Found
      • Diskperf Not Installed
      • No READ Access to the Perflib Subkeys
      • Unable to Connect to Remote Server
    • IPV6 Support
  • Upgrading NCache Versions
    • Live Upgrade NCache Version
    • Upgrade NCache Version Offline
  • Apply Windows Patches on NCache Server

Configure SSL/TLS Communication in NCache

Note

This feature is only available in NCache Enterprise Edition.

NCache provides the facility to enable TLS/SSL encryption (using TLS 1.2) over the network to ensure secure data exchange takes place between the server and the authorized client.

Users can hence enable any issued or self-signed SSL certificate to enable connections of the client with NCache server. This guarantees encrypted data transmission by default. Moreover, NCache provides the flexibility of optionally providing the certificate over the client machine.

Prerequisites

Before issuing a SSL certificate in NCache, the following prerequisites must be considered:

  • The certificate must have a private key.

  • The private key must be exportable, to be exported to all nodes including the client machine.

Before enabling SSL security, make sure that:

  • Cache and client processes have been stopped.

  • The certificate is installed in the Trusted Root Certificate Authorities store in Microsoft Management Console. If it is in the Personal folder, drag-and-drop the certificate to the Certificates folder in Trusted Root Certificate Authorities.

  • If the client certificate is to be made optional, please refer to the Property table below for detailed prerequisites in this case.

Enabling SSL Certificate in NCache

  • The certificate can now be enabled for NCache through Registry Editor in the key location HKEY_LOCAL_MACHINE\SOFTWARE\Alachisoft\NCache.

  • Right-click on NCache -> New -> Key.

  • Name this key “TLS”.

  • Create the following properties of the certificate, by right-clicking on TLS -> New.

Property Type Description
CertificateName String Name of the certificate to be enabled for NCache SSL security. Steps to obtain the value have been specified after the table.
Thumbprint String Unique identifier for each certificate. Steps to obtain the value have been specified after the table.
Enabled DWORD Boolean value to enable or disable SSL certificate. Enable SSL by setting the value to 1.
RequireClientCertificate DWORD Boolean to specify whether the certificate is required at client end or not. Note the following pre-requisites for each case:
  • RequireClientCertificate = 1:
    The SSL certificate should exist on both server and client. The value for this property must be 1 on both server and client.
  • RequireClientCertificate = 0:
    It is not mandatory for the SSL certificate to exist on the client machine; however, the issuer of the SSL certificate must have any other certificate issued on the client in the Trusted Root Certificate Authority. This creates “trust” between the client and server.
    • To obtain the CertificateName and Thumbprint values of the certificate:

      • Go to Microsoft Management Console.

      • Open the Trusted Root Certificate Authorities folder in the standard way.

      • Double-click on the certificate name.

      • Click on the Details tab.

      • Click on Friendly name, this value is the CertificateName.

      • Click on Thumbprint.

      • Copy the thumbprint value and edit it to remove spaces from the value. This value is to be provided to the Thumbprint property.

    • If the certificate is required on the client machine, set the value of RequireClientCertificate to 1, complying to the relevant prerequisites.

    The TLS key under Alachisoft will look like this:

    • Once the desired properties are set, restart the Cache and Client processes.

    • Export the certificate (through the standard way of exporting certificates) to all server nodes in the cluster (and all client nodes if client certificate is required) and perform the same steps to enable SSL security on all nodes.

    Note

    Once the certificates have been enabled, make sure that all client applications run on 64-bit machines.

    Back to top Copyright © 2017 Alachisoft