Configure HTTPS for Web Manager in Linux
HTTPS is widely used for secure communication over a network. In HTTPS, the traffic is encrypted with TLS, and the server identifies itself with a certificate. NCache supports HTTPS for Web Manager in Linux through TLS certificates. This page explains the steps to configure HTTPS for the NCache Web Manager in Linux using self-signed certificates.
Pre-requisites
- To enable HTTPS for NCache Web Manager in Linux, you must have OpenSSL installed on your machine for certificate creation.
Create a Test Certificate
HTTPS requires a TLS certificate because the traffic is encrypted by SSL/TLS. Therefore, the first step is to create a self-signed TLS certificate if one has not been generated already. For example:
openssl req -x509 -sha256 -days 356 -nodes -newkey rsa:2048 -keyout MyKey.key -out MyCertificate.crt
You can also use a .pfx certificate instead of a .crt certificate.
Certificate Installation
Since the ncache user does not have read access to the certificate files, you need to give read access to the ncache user. Follow these steps to give read access on the certificate and key file in Linux.
Log in to your machine as administrator and make sure that the NCache service is running under the ncache user.
With .crt certificate
Run the following commands in your terminal:
sudo chmod +r <path of the .crt file>
sudo chmod +r <path of the .key file>
With .pfx certificate
Run the following commands using PowerShell to create the ncache directory, change its owner to ncache, create a certificate store, and add a .pfx certificate to the store:
sudo mkdir /home/ncache
# copy the certificate into the directory created above
sudo cp /certificate_path /home/ncache
# -R (uppercase) applies the ownership change recursively
sudo chown -R ncache /home/ncache
cd /home/ncache
$store=[System.Security.Cryptography.X509Certificates.X509Store]::new([System.Security.Cryptography.X509Certificates.StoreName]::Root,[System.Security.Cryptography.X509Certificates.StoreLocation]::CurrentUser,[System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
$store.Add([System.Security.Cryptography.X509Certificates.X509Certificate2]::new("MYCertificate.pfx","password1234",[System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::PersistKeySet))
Update Web Manager Configuration
Once your certificate is generated, you need to add the HTTPS endpoints in the config.json file located at the path /opt/ncache/bin/tools/web/config.json. For details on how to configure different endpoints to use certificates, refer to Configure endpoints for the ASP.NET Core Kestrel web server documentation. Here is how you can update the HTTPS endpoints:
With .crt certificate
{
  "Kestrel": {
    "EndPoints": {
      "Http": {
        "Url": "http://0.0.0.0:8251"
      },
      "HttpsInlineCertStore": {
        "Url": "https://0.0.0.0:8252",
        "Certificate": {
          "Path": "<path to .pem/.crt file>",
          "KeyPath": "<path to .key file>",
          "AllowInvalid": "true"
        }
      }
    }
  }
}
With .pfx certificate
{
  "Kestrel": {
    "EndPoints": {
      "Http": {
        "Url": "http://0.0.0.0:8251"
      },
      "HttpsInlineCertStore": {
        "Url": "https://0.0.0.0:8252",
        "Certificate": {
          "Subject": "<subject; required>",
          "Store": "<crt store; required>",
          "Location": "<location; defaults to CurrentUser>",
          "AllowInvalid": "true"
        }
      }
    }
  }
}
Once the desired properties are set, restart NCache Web Manager to accept the changes you made for the certificate and then browse to https://localhost:8252.
Note
If you are specifying port 8252, it must be enabled through the firewall first.
Important
Any exceptions after configuration changes will be logged in the event viewer log files at /opt/ncache/log-files/eventlogs.
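The following check is an added example, not part of NCache or its documentation: it reads a config.json shaped like the ones above and reports an endpoint that still serves plain HTTP, an AllowInvalid setting, a missing certificate file, and a private key readable by every local user (the mode `chmod +r` leaves behind under a default umask of 022). The function names, the finding texts and the sample files are assumptions constructed for the illustration.

```python
import json, os, stat, tempfile

def audit_kestrel_config(config_text):
    """Return a list of findings for the Kestrel endpoints in a Web Manager config.json."""
    findings = []
    endpoints = json.loads(config_text).get("Kestrel", {}).get("EndPoints", {})
    for name, ep in endpoints.items():
        url = ep.get("Url", "")
        cert = ep.get("Certificate", {})
        if url.startswith("http://"):
            findings.append(f"{name}: {url} still serves the manager without TLS")
            continue
        # The page writes the flag as the string "true"; a JSON boolean is handled too.
        if str(cert.get("AllowInvalid", "")).lower() == "true":
            findings.append(f"{name}: AllowInvalid is true (acceptable only for a self-signed test certificate)")
        for field in ("Path", "KeyPath"):
            path = cert.get(field)
            if path is None:
                continue
            if not os.path.isfile(path):
                findings.append(f"{name}: {field} {path} does not exist")
            elif field == "KeyPath" and os.stat(path).st_mode & stat.S_IROTH:
                findings.append(f"{name}: private key {path} is world-readable")
    return findings

def demo(key_mode):
    """Audit a constructed config that points at empty placeholder files in a temp directory."""
    workdir = tempfile.mkdtemp()
    crt = os.path.join(workdir, "MyCertificate.crt")
    key = os.path.join(workdir, "MyKey.key")
    for p in (crt, key):
        open(p, "w").close()
    os.chmod(key, key_mode)
    sample = {"Kestrel": {"EndPoints": {
        "Http": {"Url": "http://0.0.0.0:8251"},
        "HttpsInlineCertStore": {
            "Url": "https://0.0.0.0:8252",
            "Certificate": {"Path": crt, "KeyPath": key, "AllowInvalid": "true"}}}}}
    return audit_kestrel_config(json.dumps(sample))

if __name__ == "__main__":
    for line in demo(0o644):  # 0o644: a 0600 key after `chmod +r` with umask 022
        print(line)
```

A key owned by the ncache user with mode 0600 or 0640 passes the key check while remaining readable by the service.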