Enable-NCacheTLS

This PowerShell cmdlet enables TLS encryption to ensure secure data exchange over the network. This encrypted data communication occurs among cluster, client, server, and Bridge. To enable TLS, you can choose between the different switch types like ClientServerCommunication, ServerToServerCommunication, and BridgeCommunication as part of this PowerShell cmdlet.

Note

This feature is also available in the NCache Community Edition for Client Server Communication only.

Note

From 5.3 SP5 onwards, clients and servers can have different certificates.
For the ProtocolVersion parameter, the NCache version should be NCache 5.3 SP5 or above. Older clients (before 5.3 SP5) are not supported for this functionality.

Windows PowerShell
Linux CLI

Enable-NCacheTLS -ServerCertificateCN -ServerCertificateThumbprint [-ClientCertificateCN] [-ClientCertificateThumbprint] [-ClientServerCommunication] [-ProtocolVersion] [-ServerToServerCommunication] [-BridgeCommunication] [-UseMutualTLSForClientToServer] [-UseMutualTLSForServerToServer] [-Node] [-Credentials]

Examples

This cmdlet enables TLS encryption on nodes 20.200.20.11 and 20.200.20.12 for enhanced security on communication types ClientServerCommunication and BridgeCommunication. UseMutualTLSForClientToServer specify whether the certificate is required at client end or not. It uses tls1.2 for secure communication by default.

Enable-NCacheTLS -Node "20.200.20.11,20.200.20.12" -ServerCertificateCN "MyCert" -ServerCertificateThumbprint "1234567890ABCDEF" -ClientCertificateCN "MyClientCert" -ClientCertificateThumbprint "1234567890EFGHIJKL" -ClientServerCommunication -BridgeCommunication -UseMutualTLSForClientToServer true

This cmdlet enables TLS encryption on nodes 20.200.20.11 and 20.200.20.12 for enhanced security on communication types ServerToServerCommunication. UseMutualTLSForServerToServer specify whether the certificate is required at server end or not. It lets operating system to choose it's best suited protocol for secure communication.

Enable-NCacheTLS -Node "20.200.20.11,20.200.20.12" -ServerCertificateCN "MyCert" -ServerCertificateThumbprint "1234567890ABCDEF" -ServerToServerCommunication -UseMutualTLSForClientToServer false -UseMutualTLSForServerToServer true -ProtocolVersion auto

This cmdlet enables TLS encryption on nodes 20.200.20.11 and 20.200.20.12 for enhanced security on communication types ServerToServerCommunication. It allows to add separate certificates for clients and servers.

Enable-NCacheTLS -Node "20.200.20.11,20.200.20.12" -ServerCertificateCN "MyCert" -ServerCertificateThumbprint "1234567890ABCDEF" -ClientCertificateCN "MyClientCert" -ClientCertificateThumbprint "1234567890EFGHIJKL" -ServerToServerCommunication -UseMutualTLSForServerToServer true

Properties

Note

The parameters with asterisk (*) on their names are the required parameters and the rest are optional.

Parameters	Data Types	Description	Default Value
`-ServerCertificateCN*`	`<String>`	The `ServerCertificateCN` parameter is the common Name (CN) of the server's SSL certificate, verified by clients and other servers in the cluster.	-
`-ServerCertificateThumbprint*`	`<String>`	Specifies the unique SHA-1 thumbprint of the server's SSL certificate for identification.	-
`-ClientCertificateCN`	`<String>`	The `ClientCertificateCN` parameter is the common Name (CN) of the client's SSL certificate, verified by the server.	-
`-ClientCertificateThumbprint`	`<String>`	Specifies the unique SHA-1 thumbprint of the client's SSL certificate for mutual authentication.	-
`-ClientServerCommunication`	`<SwitchParameter>`	Enables TLS encryption for communication between client and server nodes.	False
`-ServerToServerCommunication`	`<SwitchParameter>`	Enables TLS encryption for communication between server nodes within a cluster.	False
`-BridgeCommunication`	`<SwitchParameter>`	Enables TLS encryption for communication between NCache Bridge and geographically separate caches.	False
`-UseMutualTLSForClientToServer`	`<String>`	Enforces client nodes to present a valid TLS certificate for authentication during communication. When enabled, all client nodes connecting to the server must present a valid TLS certificate, and it's issuing Certificate Authority must be listed in the server's Trusted Root.	False
`-UseMutualTLSForServerToServer`	`<String>`	Enforces server nodes to present a valid TLS certificate for authentication during communication. When enabled, servers connecting to the first server must provide a valid TLS certificate. Additionally, the Certificate Authorities for all servers must be included in each server's Trusted Root.	True
`-Node`	`<String>`	Specifies the IP addresses of cache servers, cache clients, or Bridge nodes where TLS settings will be applied. Provide a comma-separated list of IP addresses to configure TLS on the desired nodes. Please ensure that client nodes with NCache installed are included; for clients without NCache installation, configure them manually.	-
`-Credentials`	`<pscredential>`	Specifies the user credentials required to authorize access for the specified operation. These credentials should belong to a user with the appropriate permissions at the node.	-
`-ProtocolVersion`	`<String>`	Specifies the protocol version to be used during TLS communication. There are two possible values for this parameter: 1. `ProtocolVersion = TLS12`: Forces the system to use only TLS 1.2 for all secure communications. 2. `ProtocolVersion = Auto`: When the protocol version is set to "Auto," the system will now automatically use the highest TLS version installed and supported on the operating system.	tls12

enable-NCacheTLS -servercertificatecn -servercertificatethumbprint [-clientcertificatecn] [-clientcertificatethumbprint] [-clientservercommunication] [-protocolversion] [-servertoservercommunication] [-bridgecommunication] [-usemutualtlsforclienttoserver] [-usemutualtlsforservertoserver] [-node] [-pfxpath] [-pfxpassword] [-userid] [-password]

Examples

This cmdlet enables TLS encryption on nodes 20.200.20.11 and 20.200.20.12 for enhanced security on communication types clientservercommunication and bridgecommunication. usemutualtlsforclienttoserver specify whether the certificate is required at client end or not. It uses tls1.2 for secure communication by default.

enable-ncachetls -Node "20.200.20.11,20.200.20.12" -servercertificatecn "MyCert" -servercertificatethumbprint "1234567890ABCDEF" -clientcertificatecn "MyClientCert" -clientcertificatethumbprint "1234567890EFGHIJKL"-clientservercommunication -bridgecommunication -usemutualtlsforclienttoserver true

This command enables TLS encryption on nodes 20.200.20.11 and 20.200.20.12 for enhanced security on communication type servertoservercommunication. usemutualtlsforservertoserver specify whether the certificate is required at server end or not. protocolversion lets operating system to choose it's best suited protocol for secure communication.

enable-ncachetls -node "20.200.20.11,20.200.20.12" -servercertificatecn "MyCert" -servercertificatethumbprint "1234567890ABCDEF"  -servertoservercommunication -usemutualtlsforclienttoserver false -usemutualtlsforservertoserver true -protocolversion auto

This cmdlet enables TLS encryption on nodes 20.200.20.11 and 20.200.20.12 for enhanced security on communication types servertoservercommunication. It allows to add separate certificates for clients and servers.

enable-ncachetls -Node "20.200.20.11,20.200.20.12" -servercertificatecn "MyCert" -servercertificatethumbprint "1234567890ABCDEF" -clientcertificatecn "MyClientCert" -clientcertificatethumbprint "1234567890EFGHIJKL" -servertoservercommunication -usemutualtlsforservertoserver true

Properties

Note

The parameters with asterisk (*) on their names are the required parameters and the rest are optional.

Parameters	Data Types	Description	Default Value
`-servercertificatecn*`	`<String>`	The servercertificatecn parameter is the common Name (CN) of the server's SSL certificate, verified by clients and other servers in the cluster.	-
`-servercertificatethumbprint*`	`<String>`	Specifies the unique SHA-1 thumbprint of the server's SSL certificate for identification.	-
`-clientcertificatecn`	`<String>`	The clientcertificatecn parameter is the common Name (CN) of the client's SSL certificate, verified by the server.	-
`-clientcertificatethumbprint`	`<String>`	Specifies the unique SHA-1 thumbprint of the client's SSL certificate for mutual authentication.	-
`-clientservercommunication`	`<SwitchParameter>`	Enables TLS encryption for communication between client and server nodes.	False
`-servertoservercommunication`	`<SwitchParameter>`	Enables TLS encryption for communication between server nodes within a cluster.	False
`-bridgecommunication`	`<SwitchParameter>`	Enables TLS encryption for communication between NCache Bridge and geographically separate caches.	False
`-usemutualtls-forclienttoserver`	`<String>`	Enforces client nodes to present a valid TLS certificate for authentication during communication. When enabled, all client nodes connecting to the server must present a valid TLS certificate, and it's issuing Certificate Authority must be listed in the server's Trusted Root.	False
`-usemutualtlsforservertoserver`	`<String>`	Enforces server nodes to present a valid TLS certificate for authentication during communication. When enabled, servers connecting to the first server must provide a valid TLS certificate. Additionally, the Certificate Authorities for all servers must be included in each server's Trusted Root.	True
`-node`	`<String>`	Specifies the IP addresses of cache servers, cache clients, or Bridge nodes where TLS settings will be applied. Provide a comma-separated list of IP addresses to configure TLS on the desired nodes. Please ensure that client nodes with NCache installed are included; for clients without NCache installation, configure them manually.	-
`-pfxpath`	`<String>`	Specifies the path to the PFX certificate file to be used by NCache Java clients on Linux machines for mutual client-server TLS authentication. This parameter is not required for Windows-based clients or cache servers.	-
`-pfxpassword`	`<String>`	Specifies the password associated with the PFX certificate file. This parameter is relevant only for NCache Java clients running on Linux machines and is used in conjunction with the pfxpath parameter. It is not applicable to Windows-based clients or cache servers.	-
`-userid`	`<String>`	Specifies the user id used to authorize the user for this operation. It is required in case security is enabled on Cache Server. This user id must be the active directory user id.	-
`-password`	`<String>`	Specifies the password of the user that is used to authorize the user for this operation. It is required in case security is enabled on Cache Server. This password must be the same as the active directory user password.	-
`-ProtocolVersion`	`<String>`	Specifies the protocol version to be used during TLS communication. There are two possible values for this parameter: 1. `ProtocolVersion = TLS12`: Forces the system to use only TLS 1.2 for all secure communications. 2. `ProtocolVersion = Auto`: When the protocol version is set to "Auto," the system will now automatically use the highest TLS version installed and supported on the operating system.	tls12

Enable-NCacheTLS

Note

Note

Examples

Properties

Note

Contact Us