Configure HTTPS for Web Manager in Windows

HTTPS is widely used for secure communication over a network. In HTTPS, the communication protocol is encrypted using a certificate. NCache enables the use of HTTPS for Web Manager in Windows through TLS certificates. Here we explain the steps to configure HTTPS for the NCache Web Manager in Windows using self-signed certificates.

Pre-requisites

  • To enable HTTPS for NCache Web Manager in Windows, you must have PowerShell 5.1 or the latest version installed on your Windows machine.

Create a Test Certificate

HTTPS requires TLS certificate since the traffic is encrypted by SSL/TLS. Therefore, the first step is to create a TLS certificate if it has not been generated already. For example:

$cert = New-SelfSignedCertificate `
    -KeyAlgorithm RSA `
    -CertStoreLocation "Cert:\LocalMachine\My" `
    -Subject "localhost" `
    -FriendlyName "MyCertificate" `
    -TextExtension @("2.5.29.17={critical}{text}DNS=localhost&IPAddress=20.200.21.XX")

$pwd = ConvertTo-SecureString -String 'password123' -Force -AsPlainText
$path = 'cert:\localMachine\my\' + $cert.thumbprint

Export-PfxCertificate -cert $path -FilePath 'C:\\MyCertificate.pfx' -Password $pwd

Certificate Installation

In order to trust the generated certificate, you need to install it with the appropriate account in the certificate store (Local Machine or Current User). In this regard, you can read further about system certificate store types. Install the trusted root certificate on your machine while making sure that your user account has access permissions for NCache Web Manager and service.

Note

Make sure that NCache service is running under the same user which is used to import the certificate either for Local or Current User.

Update Web Manager Configuration

Once your certificate is generated and installed, you need to update the HTTPS endpoints in config.json file located at the path C:\Program Files\NCache\bin\tools\web. For details on how to configure different endpoints to use certificates either from a file on disk or from a certificate store, refer to Configure endpoints for the ASP.NET Core Kestrel web server documentation. Here is how you can update the HTTPS endpoints:

{
  "Kestrel": {
      "EndPoints": {
        "Http": {
            "Url": "http://0.0.0.0:8251"
        },
        "HttpsInlineCertStore": {
            "Url": "https://0.0.0.0:8252",
            "Certificate": {
              "Subject": "<subject; required>",
              "Store": "<cert store; required>",
              "Location": "<location; defaults to CurrentUser>",
              "AllowInvalid": "true"
            }
          }
      }
  }
}

Once the desired properties are set, restart NCache Web Manager to accept the changes you made for the certificate and then browse to https://localhost:8252.

Note

If you are specifying port 8252, it must be enabled through the firewall first.

Important

Any exceptions after configuration changes will be logged in the event viewer.

See Also

Configure Security for Cache Management
Configure Security for Client Nodes
Configure Encryption for Cache
Configure SSL/TLS Encryption in NCache