• Facebook
  • Twitter
  • Youtube
  • LinedIn
  • RSS
  • Docs
  • Comparisons
  • Blogs
  • Download
  • Contact Us
Download
Show / Hide Table of Contents

Docker TLS

NCache supports TLS encryption to secure communication between clients and cache servers, as well as communication between cache servers in a cluster. In a Docker deployment, TLS helps protect cache traffic that is transmitted over the network between containerized NCache components. This page explains how to install certificates inside a running NCache Docker container and enable regular TLS for client-server and server-to-server communication.

Note

TLS in NCache Docker is supported for regular TLS only. Mutual TLS is not supported in the Docker environment.

Prerequisites

Before enabling TLS, make sure that:

  • The NCache Docker container is running.
  • The server certificate is available as a .pfx file.
  • The root CA certificate is available as a .crt file.
  • You know the password for the certificate file.
  • You have the certificate Common Name (CN) and thumbprint, or you can retrieve them during certificate installation.

If the certificate files are on the Docker host machine, copy them into the container:

docker cp certificate.pfx <container-name>:/usr/local/share/ca-certificates/
docker cp certificate.crt <container-name>:/usr/local/share/ca-certificates/
Note

Always place custom certificates in /usr/local/share/ca-certificates/ to ensure they are not overwritten by system updates.

Step 1: Access the Docker Container

To interact with NCache tools, you need to open a shell session directly inside the running container. Run the following command from the Docker host machine to enter the NCache container:

docker exec -it ncache bash

Navigate to the NCache tools directory:

cd /opt/ncache/bin/tools/

Step 2: Install the Server Certificate

In Docker containers, sudo access is not available by default, so certificate installation should be performed using the NCache-provided install-pfxcertificate tool.

Install your server PFX certificate using the install-pfxcertificate tool:

./install-pfxcertificate `
  -filepath "/usr/local/share/ca-certificates/certificate.pfx" `
  -password "<pfx-password>"

The command returns the certificate Common Name (CN) and thumbprint. Save these values because they are required when enabling TLS.

Example output:

SUCCESS: Installed /usr/local/share/ca-certificates/certificate.pfx into Root store (CurrentUser)
CN=<your-certificate-cn>
THUMBPRINT=<your-thumbprint>

Step 3: Install the Root CA Certificate

Install the Root CA certificate using the same install-pfxcertificate tool:

./install-pfxcertificate `
  -filepath "/usr/local/share/ca-certificates/certificate.crt" `
  -password "<crt-password>"

Example output:

SUCCESS: Installed /usr/local/share/ca-certificates/certificate.crt into Root store (CurrentUser)
CN=<your-root-ca-cn>
THUMBPRINT=<your-root-ca-thumbprint>

Step 4: Enable TLS

After installing the certificates, use the enable-ncachetls tool to enable TLS. Use the CN and thumbprint returned during server certificate installation.

./enable-ncachetls `
  -servercertificatecn "<server-certificate-cn>" `
  -servercertificatethumbprint "<server-certificate-thumbprint>" `
  -clientcertificatecn "<client-certificate-cn>" `
  -clientcertificatethumbprint "<client-certificate-thumbprint>" `
  -pfxpath "/usr/local/share/ca-certificates/certificate.pfx" `
  -pfxpassword "<pfx-password>" `
  -clientservercommunication `
  -servertoservercommunication
Note

If you do not specify -protocolversion, NCache uses TLS 1.2 by default.

Step 5: Verify TLS Configuration

Before restarting the service, verify that the TLS settings were written to the NCache TLS configuration file:

cat /opt/ncache/config/tls.ncconf

The file should show TLS as enabled and should include your certificate details:

<tls-info>
  <enable>true</enable>
  <server-certificate-cn><server-certificate-cn></server-certificate-cn>
  <server-certificate-thumbprint><server-certificate-thumbprint></server-certificate-thumbprint>
  <client-certificate-cn><client-certificate-cn></client-certificate-cn>
  <client-certificate-thumbprint><client-certificate-thumbprint></client-certificate-thumbprint>
  <enable-client-server-tls>true</enable-client-server-tls>
  <enable-server-to-server-tls>true</enable-server-to-server-tls>
  <protocol-version>tls12</protocol-version>
</tls-info>
Note
  • Restarting the NCache service and caches is required for the updated TLS configuration to take effect and switch communication to secure streams.
  • Since systemctl is not available in the NCache Docker image, restart the service manually.

Step 6: Restart the NCache Service

After updating TLS settings, restart the NCache daemon inside the container. Find the NCache daemon process using the following command:

ps aux | grep ncache

Look for the process containing Alachisoft.NCache.Daemon, similar to the following:

/opt/ncache/bin/service/Alachisoft.NCache.Daemon start /opt/ncache/

Kill the process using its process ID and start the NCache service again:

kill -9 <process-id>
/opt/ncache/bin/service/Alachisoft.NCache.Daemon start &

Verify that the daemon is running again:

ps aux | grep ncache

You should see Alachisoft.NCache.Daemon listed again with a new process ID.

Step 7: Restart the Cache

After the NCache service is running, restart the cache so it can use the updated TLS configuration:

/opt/ncache/bin/tools/stop-cache demoCache
/opt/ncache/bin/tools/start-cache demoCache

Verify that the cache is running:

/opt/ncache/bin/tools/get-caches

Step 8: Verify TLS in Cache Logs

Check the cache log files to confirm that TLS is active. Log files are located at /opt/ncache/log-files/:

ls -lt /opt/ncache/log-files/
cat /opt/ncache/log-files/demoCache_12-5-2026-9-31-13_192.168.65.6.txt

If TLS is active, the cache log should show entries similar to the following:

secure_connection :True
require_server_certifiate :True
TLS version is Tls12

These log entries confirm that the cache is running with TLS enabled.

See Also

Configure SSL/TLS Encryption
Enable-NCacheTLS
Disable-NCacheTLS
Docker Installation

Contact Us

PHONE

+1 214-619-2601   (US)

+44 20 7993 8327   (UK)

 
EMAIL

sales@alachisoft.com

support@alachisoft.com

NCache
  • Edition Comparison
  • NCache Architecture
  • Benchmarks
Download
Pricing
Try Playground

Deployments
  • Cloud (SaaS & Software)
  • On-Premises
  • Kubernetes
  • Docker
Technical Use Cases
  • ASP.NET Sessions
  • ASP.NET Core Sessions
  • Pub/Sub Messaging
  • Real-Time ASP.NET SignalR
  • Internet of Things (IoT)
  • NoSQL Database
  • Stream Processing
  • Microservices
Resources
  • Magazine Articles
  • Third-Party Articles
  • Articles
  • Videos
  • Whitepapers
  • Shows
  • Talks
  • Blogs
  • Docs
Customer Case Studies
  • Testimonials
  • Customers
Support
  • Schedule a Demo
  • Forum (Google Groups)
  • Tips
Company
  • Leadership
  • Partners
  • News
  • Events
  • Careers
Contact Us

  • EnglishChinese (Simplified)FrenchGermanItalianJapaneseKoreanPortugueseSpanish

  • Contact Us
  •  
  • Sitemap
  •  
  • Terms of Use
  •  
  • Privacy Policy
© Copyright Alachisoft 2002 - . All rights reserved. NCache is a registered trademark of Diyatech Corp.
Back to top