What is the default HTTPS port for NCache Management Center?

The default secure management port is 8252.

Can I use self-signed certificates for NCache HTTPS?

Yes, self-signed certificates are supported for development and testing, though CA-signed certificates are recommended for production.

Which file is updated to configure NCache HTTPS on Windows?

On Windows, update the appsettings.json file located in the NCache/bin/tools/web directory.

Configure HTTPS Security for NCache Management Center

HTTPS is the standard protocol for secure communication over the internet. The NCache Management Center uses TLS/SSL Encryption through the Kestrel web server on both Windows and Linux to secure the NCache Management Center. This setting guarantees that all administration performed over the web interface is encrypted.

To enable HTTPS for the NCache Management Center in Windows, you must have PowerShell 5.1 up to 7.3.9 version installed on your Windows machine.

Step 1: Obtain or Generate TLS Certificates

Windows
Linux

Create or obtain a TLS certificate that includes an exportable private key. For creating certificates, refer to this blog on Generating Self Signed Certificates.

Important

While self-signed certificates are suitable for local development and testing environments, we strongly recommend using certificates from a Trusted Certificate Authority (CA) for production. This prevents browser trust warnings and ensures the integrity of the encryption chain.

Step 2: Install Certificates & Grant Permissions

Windows
Linux

To trust the generated certificate, you need to install it with the appropriate account in the certificate store (Local Machine or Current User). In this regard, you can read further about system certificate store types. Install the trusted root certificate on your machine while making sure that your user account has access permissions for the NCache Management Center and Service.

Note

Make sure that the NCache Service is running under the same user which is used to import the certificate either for the Local or Current User.

Since, the ncache user does not have read access to the certificate files, you need to give read access to ncache user. Follow these steps to give read access on certificate and key file in Linux.

Login to your machine as administrator and make sure that the NCache Service is running under the ncache user.
Run the following commands.

With .crt certificate

Run the following commands in your terminal:

sudo chmod +r <path of the .crt file>
sudo chmod +r <path of the .key file>

With .pfx certificate

Run the following commands using PowerShell to create ncache directory, change its owner to ncache, create a certificate store, add a .pfx certificate to the store:

sudo mkdir /home/ncache

// copy certificate to the following directory
cp /certificate_path /home/ncache

sudo chown -r ncache /home/ncache

cd /home/ncache

$store=[System.Security.Cryptography.X509Certificates.X509Store]::new([System.Security.Cryptography.X509Certificates.StoreName]::Root,[System.Security.Cryptography.X509Certificates.StoreLocation]::CurrentUser,[System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)

$store.Add([System.Security.Cryptography.X509Certificates.X509Certificate2]::new("MYCertificate.pfx","password1234",[System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::PersistKeySet))

Step 3: Update Kestrel Endpoints in appsettings.json

Windows
Linux

Once your certificate is generated and installed, you need to update the HTTPS endpoints in the appsettings.json file located at the path C:\Program Files\NCache\bin\tools\web. For details on how to configure different endpoints to use certificates either from a file on disk or from a certificate store, refer to Configure endpoints for the ASP.NET Core Kestrel web server documentation. Here is how you can update the HTTPS endpoints:

{
  "Kestrel": {
      "EndPoints": {
        "Http": {
            "Url": "http://0.0.0.0:8251"
        },
        "HttpsInlineCertStore": {
            "Url": "https://0.0.0.0:8252",
            "Certificate": {
              "Subject": "<subject; required>",
              "Store": "<cert store; required>",
              "Location": "<location; defaults to CurrentUser>",
              "AllowInvalid": "true"
            }
          }
      }
  }
}

Once your certificate is generated, you need to add the HTTPS endpoints in config.json file located at the path /opt/ncache/bin/tools/web/config.json. For details on how to configure different endpoints to use certificates, refer to Configure endpoints for the ASP.NET Core Kestrel web server documentation. Here is how you can update the HTTPS endpoints:

With .crt certificate

{
  "Kestrel": {
      "EndPoints": {
        "Http": {
            "Url": "http://0.0.0.0:8251"
        },
        "HttpsInlineCertStore": {
            "Url": "https://0.0.0.0:8252",
            "Certificate": {
              "Path": "<path to .pem/.crt file>",
              "KeyPath":"<path to .key file>",
              "AllowInvalid": "true"
            }
          }
      }
  }
}

With .pfx certificate

{
  "Kestrel": {
      "EndPoints": {
        "Http": {
            "Url": "http://0.0.0.0:8251"
        },
        "HttpsInlineCertStore": {
            "Url": "https://0.0.0.0:8252",
            "Certificate": {
              "Subject": "<subject; required>",
              "Store": "<crt store; required>",
              "Location": "<location; defaults to CurrentUser>",
              "AllowInvalid": "true"
            }
          }
      }
  }
}

Once the desired properties are set, restart the NCache Management Center to accept the changes you made for the certificate, and then browse to https://localhost:8252.

Note

If you are specifying port 8252, it must be enabled through the firewall first.

Important

Any exceptions after configuration changes will be logged in the event viewer.

Configure HTTPS Security for NCache Management Center

Prerequisites

Step 1: Obtain or Generate TLS Certificates

Important

Step 2: Install Certificates & Grant Permissions

Note

With .crt certificate

With .pfx certificate

Step 3: Update Kestrel Endpoints in appsettings.json

With .crt certificate

With .pfx certificate

Note

Important

See Also

Contact Us