Enable-NCacheTLS
This PowerShell cmdlet enables TLS encryption to ensure secure data exchange over the network. This encrypted communication occurs among cluster, client, server, and Bridge. To enable TLS, you can choose among switch types such as ClientServerCommunication, ServerToServerCommunication, and BridgeCommunication as part of this PowerShell cmdlet.
Note
This feature is also available in the NCache Community Edition for Client Server Communication only.
Note
- From 5.3 SP5 onwards, clients and servers can have different certificates.
- For the ProtocolVersion parameter, the client version should be NCache 5.3 SP5 or above. Older clients (before 5.3 SP5) are not supported for this functionality.
Enable-NCacheTLS -ServerCertificateCN -ServerCertificateThumbprint [-ClientCertificateCN] [-ClientCertificateThumbprint] [-ClientServerCommunication] [-ProtocolVersion] [-ServerToServerCommunication] [-BridgeCommunication] [-UseMutualTLSForClientToServer] [-UseMutualTLSForServerToServer] [-Node] [-Credentials]
Examples
- This cmdlet enables TLS encryption on nodes 20.200.20.11 and 20.200.20.12 for enhanced security on communication types ClientServerCommunication and BridgeCommunication. UseMutualTLSForClientToServer specifies whether the certificate is required at the client end or not. It uses TLS 1.2 for secure communication by default.
Enable-NCacheTLS -Node "20.200.20.11,20.200.20.12" -ServerCertificateCN "MyCert" -ServerCertificateThumbprint "1234567890ABCDEF" -ClientCertificateCN "MyClientCert" -ClientCertificateThumbprint "1234567890EFGHIJKL" -ClientServerCommunication -BridgeCommunication -UseMutualTLSForClientToServer true
- This cmdlet enables TLS encryption on nodes 20.200.20.11 and 20.200.20.12 for enhanced security on communication type ServerToServerCommunication. UseMutualTLSForServerToServer specifies whether the certificate is required at the server end or not. It lets the operating system choose its best-suited protocol for secure communication.
Enable-NCacheTLS -Node "20.200.20.11,20.200.20.12" -ServerCertificateCN "MyCert" -ServerCertificateThumbprint "1234567890ABCDEF" -ServerToServerCommunication -UseMutualTLSForClientToServer false -UseMutualTLSForServerToServer true -ProtocolVersion auto
- This cmdlet enables TLS encryption on nodes 20.200.20.11 and 20.200.20.12 for enhanced security on communication type ServerToServerCommunication. It allows adding separate certificates for clients and servers.
Enable-NCacheTLS -Node "20.200.20.11,20.200.20.12" -ServerCertificateCN "MyCert" -ServerCertificateThumbprint "1234567890ABCDEF" -ClientCertificateCN "MyClientCert" -ClientCertificateThumbprint "1234567890EFGHIJKL" -ServerToServerCommunication -UseMutualTLSForClientToServer false -UseMutualTLSForServerToServer true
Properties
Note
Parameters marked with an asterisk (*) after their names are required; the rest are optional.
Parameters | Data Types | Description | Default Value |
---|---|---|---|
-ServerCertificateCN* | <String> | The ServerCertificateCN parameter is the Common Name (CN) of the server's SSL certificate, verified by clients and other servers in the cluster. | - |
-ServerCertificateThumbprint* | <String> | Specifies the unique SHA-1 thumbprint of the server's SSL certificate for identification. | - |
-ClientCertificateCN | <String> | The ClientCertificateCN parameter is the Common Name (CN) of the client's SSL certificate, verified by the server. | - |
-ClientCertificateThumbprint | <String> | Specifies the unique SHA-1 thumbprint of the client's SSL certificate for mutual authentication. | - |
-ClientServerCommunication | <SwitchParameter> | Enables TLS encryption for communication between client and server nodes. | False |
-ServerToServerCommunication | <SwitchParameter> | Enables TLS encryption for communication between server nodes within a cluster. | False |
-BridgeCommunication | <SwitchParameter> | Enables TLS encryption for communication between NCache Bridge and geographically separate caches. | False |
-UseMutualTLSForClientToServer | <String> | Requires client nodes to present a valid TLS certificate for authentication during communication. When enabled, all client nodes connecting to the server must present a valid TLS certificate, and its issuing Certificate Authority must be listed in the server's Trusted Root. | False |
-UseMutualTLSForServerToServer | <String> | Requires server nodes to present a valid TLS certificate for authentication during communication. When enabled, servers connecting to the first server must provide a valid TLS certificate. Additionally, the Certificate Authorities for all servers must be included in each server's Trusted Root. | True |
-Node | <String> | Specifies the IP addresses of cache servers, cache clients, or Bridge nodes where TLS settings will be applied. Provide a comma-separated list of IP addresses to configure TLS on the desired nodes. Ensure that client nodes with NCache installed are included; for clients without an NCache installation, configure them manually. | - |
-Credentials | <pscredential> | Specifies the user credentials required to authorize access for the specified operation. These credentials should belong to a user with the appropriate permissions at the node. | - |
-ProtocolVersion | <String> | Specifies the protocol version to be used during TLS communication. There are two possible values for this parameter: 1. ProtocolVersion = TLS12: the system will function as expected when the protocol version is explicitly set to TLS 1.2. 2. ProtocolVersion = Auto: when the protocol version is set to "Auto", the system will automatically use the highest TLS version installed and supported on the operating system. | tls12 |
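
The certificate named by -ServerCertificateCN and -ServerCertificateThumbprint can be checked on a node before TLS is enabled. The PowerShell below is an added example, not part of the NCache documentation: the Test-TlsCertificate helper, the store path Cert:\LocalMachine\My, the 30-day validity margin and the thumbprint placeholder are assumptions.

```powershell
# Added example: pre-flight check of the certificate passed to Enable-NCacheTLS.
# Assumption: the certificate lives in Cert:\LocalMachine\My on the node being checked.
function Test-TlsCertificate {
    param(
        [Parameter(Mandatory)] [string] $CommonName,
        [Parameter(Mandatory)] [string] $Thumbprint,
        [string] $StorePath = 'Cert:\LocalMachine\My',  # assumed store location
        [int] $MinDaysValid = 30                         # assumed renewal margin
    )
    # Thumbprints copied from the certificate dialog often carry spaces or hidden characters.
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($clean.Length -ne 40) {
        throw "Thumbprint must be 40 hex characters (SHA-1); got $($clean.Length)."
    }
    $cert = Get-ChildItem -Path $StorePath |
        Where-Object { $_.Thumbprint -eq $clean } | Select-Object -First 1
    if (-not $cert) { throw "No certificate with thumbprint $clean in $StorePath." }

    # SimpleName resolves to the subject CN when one is present.
    $cn = $cert.GetNameInfo(
        [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
    if ($cn -ne $CommonName) { throw "CN mismatch: found '$cn', expected '$CommonName'." }
    if (-not $cert.HasPrivateKey) { throw "Certificate $clean has no private key on this node." }

    $now = Get-Date
    if ($cert.NotBefore -gt $now -or $cert.NotAfter -lt $now.AddDays($MinDaysValid)) {
        throw "Certificate $clean is outside its validity window or expires within $MinDaysValid days."
    }
    # Basic chain validation; fails when the issuing CA is not trusted on this node.
    if (-not $cert.Verify()) { throw "Chain validation failed for $clean." }
    return $clean
}

# Placeholder value: replace with the real thumbprint of the server certificate.
$serverThumbprint = Test-TlsCertificate -CommonName 'MyCert' -Thumbprint '<server-cert-thumbprint>'

# Parameters below are the ones documented on this page; node IPs are the page's sample values.
$tls = @{
    Node                          = '20.200.20.11,20.200.20.12'
    ServerCertificateCN           = 'MyCert'
    ServerCertificateThumbprint   = $serverThumbprint
    ServerToServerCommunication   = $true
    UseMutualTLSForServerToServer = 'true'
}
Enable-NCacheTLS @tls
```

The check runs against the local certificate store only, so it needs to be repeated on every node passed to -Node.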