• Facebook
  • Twitter
  • Youtube
  • LinedIn
  • RSS
  • Docs
  • Comparisons
  • Blogs
  • Download
  • Contact Us
Download
Show / Hide Table of Contents

TLS Config (tls.ncconf)

The TLS configuration file contains information regarding the user's TLS settings and the associated TLS certificates. This page details the various tags used in this file and their purposes.

Note

If your client machines do not have NCache installed, you can enable TLS using the tls.ncconf file available via the NCache NuGet Package in Windows and Linux.

TLS Config Syntax

The TLS configuration file is explained below.

<tls-info>
  <server-certificate-cn>certificate-name</server-certificate-cn> 
  <server-certificate-thumbprint>your-thumbprint</server-certificate-thumbprint>
  <client-certificate-cn>certificate-name</client-certificate-cn>
  <client-certificate-thumbprint>your-thumbprint</client-certificate-thumbprint>
  <enable>false</enable>
  <enable-client-server-tls>false</enable-client-server-tls>
  <enable-bridge-tls>false</enable-bridge-tls>
  <enable-server-to-server-tls>false</enable-server-to-server-tls>
  <use-mutual-tls-for-client-to-server>false</use-mutual-tls-for-client-to-server>
  <use-mutual-tls-for-server-to-server>false</use-mutual-tls-for-server-to-server>
  <protocol-version>tls12</protocol-version>
  <!-- Required when running Java clients with TLS. -->
  <pfx-path>certificate-path</pfx-path>
  <pfx-password>certificate-password</pfx-password>
</tls-info>

Understanding the TLS Config Tags

The following section explains the tags mentioned as part of the file syntax.

  • enable: Enables or disables TLS encryption globally. If set to false, TLS is disabled for client-server, server-server, and bridge communication, and other TLS-related settings such as use-mutual-tls-for-client-to-server, enable-bridge-tls, enable-client-server-tls, enable-server-to-server-tls, and use-mutual-tls-for-server-to-server are not applied. If set to true, NCache applies the configured TLS settings. By default, it is false.

  • server-certificate-cn: Specifies the name of the TLS certificate to be used for encryption. It provides the unique name associated with the desired TLS certificate for secure communication.

  • server-certificate-thumbprint: Specifies the unique thumbprint of the TLS certificate to ensure its authenticity and integrity. It provides the fingerprint value associated with the desired TLS certificate for secure communication.

  • client-certificate-cn: Specifies the Common Name (CN) field in a client's TLS certificate used to identify and authenticate the client during mutual TLS connections.

  • client-certificate-thumbprint: It is a unique identifier (a hash) of the client's TLS certificate used to verify and authenticate the client during secure connections.

  • enable-client-server-tls: Allows you to enable TLS encryption for communication between client and server nodes. By default, it is false.

  • enable-server-to-server-tls: Allows you to enable TLS encryption for communication between server nodes. By default, it is false.

  • enable-bridge-tls: Allows you to enable TLS encryption for communication between NCache bridge and geographically separate caches. By default, it is false.

  • use-mutual-tls-for-client-to-server: Allows you to enforce the requirement for a valid client TLS certificate. When enabled, client nodes connecting to the server must present a valid TLS certificate for authentication, and for that, the certificate's Certificate Authority should exist in the server's Trusted Root. By default, it is false.

  • use-mutual-tls-for-server-to-server: Enforces the requirement for mutual TLS during server-to-server communication within the cluster. When enabled, each server node must present a valid TLS certificate to its peer server for authentication. By default, it is false.

  • protocol-version: Specifies the TLS version (e.g., TLS 1.2, TLS 1.3) that NCache supports to establish secure communication between clients and cache servers.

  • pfx-path: Specifies the path to the PFX certificate file used for TLS communication.

  • pfx-password: Specifies the password of the PFX certificate file specified in pfx-path.

Note

The pfx-path and pfx-password tags are required when running Java clients with TLS, as the Java client needs the PFX certificate path and password in the TLS configuration.

See Also

Configure Security for Cache
Configure Encryption for Cache

Contact Us

PHONE

+1 214-619-2601   (US)

+44 20 7993 8327   (UK)

 
EMAIL

sales@alachisoft.com

support@alachisoft.com

NCache
  • Edition Comparison
  • NCache Architecture
  • Benchmarks
Download
Pricing
Try Playground

Deployments
  • Cloud (SaaS & Software)
  • On-Premises
  • Kubernetes
  • Docker
Technical Use Cases
  • ASP.NET Sessions
  • ASP.NET Core Sessions
  • Pub/Sub Messaging
  • Real-Time ASP.NET SignalR
  • Internet of Things (IoT)
  • NoSQL Database
  • Stream Processing
  • Microservices
Resources
  • Magazine Articles
  • Third-Party Articles
  • Articles
  • Videos
  • Whitepapers
  • Shows
  • Talks
  • Blogs
  • Docs
Customer Case Studies
  • Testimonials
  • Customers
Support
  • Schedule a Demo
  • Forum (Google Groups)
  • Tips
Company
  • Leadership
  • Partners
  • News
  • Events
  • Careers
Contact Us

  • EnglishChinese (Simplified)FrenchGermanItalianJapaneseKoreanPortugueseSpanish

  • Contact Us
  •  
  • Sitemap
  •  
  • Terms of Use
  •  
  • Privacy Policy
© Copyright Alachisoft 2002 - . All rights reserved. NCache is a registered trademark of Diyatech Corp.
Back to top