Enable-NCacheTLS - PowerShell Cmdlet
This PowerShell cmdlet enables TLS encryption to secure data exchanged over the network among cluster, client, server, and bridge. The switches ClientServerCommunication, ServerToServerCommunication, and BridgeCommunication select the communication types for which TLS is enabled.
Note
- This feature is only available in NCache Enterprise.
- From 5.3 SP5 onwards, clients and servers can have different certificates.
Note
For the ProtocolVersion parameter, the client version should be NCache 5.3 SP5 or above. Older clients (before 5.3 SP5) are not supported for this functionality.
Enable-NCacheTLS -ServerCertificateCN -ServerCertificateThumbprint [-ClientCertificateCN] [-ClientCertificateThumbprint] [-ProtocolVersion] [-ServerToServerCommunication] [-BridgeCommunication] [-UseMutualTLSForClientToServer] [-UseMutualTLSForServerToServer] [-Node] [-Credentials]
Examples of Enable-NCacheTLS - PowerShell Cmdlet
- This cmdlet enables TLS encryption on nodes 20.200.20.11 and 20.200.20.12 for the communication types ClientServerCommunication and BridgeCommunication. UseMutualTLSForClientToServer specifies whether a certificate is required at the client end. TLS 1.2 is used for secure communication by default.
Enable-NCacheTLS -Node "20.200.20.11,20.200.20.12" -ServerCertificateCN "MyCert" -ServerCertificateThumbprint "1234567890ABCDEF" -ClientCertificateCN "MyClientCert" -ClientCertificateThumbprint "1234567890EFGHIJKL" -ClientServerCommunication -BridgeCommunication -UseMutualTLSForClientToServer true
- This cmdlet enables TLS encryption on nodes 20.200.20.11 and 20.200.20.12 for the communication type ServerToServerCommunication. UseMutualTLSForServerToServer specifies whether a certificate is required at the server end. It lets the operating system choose its best-suited protocol for secure communication.
Enable-NCacheTLS -Node "20.200.20.11,20.200.20.12" -ServerCertificateCN "MyCert" -ServerCertificateThumbprint "1234567890ABCDEF" -ServerToServerCommunication -UseMutualTLSForClientToServer false -UseMutualTLSForServerToServer true -ProtocolVersion auto
- This cmdlet enables TLS encryption on nodes 20.200.20.11 and 20.200.20.12 for the communication type ServerToServerCommunication. It also supplies a separate client certificate CN and thumbprint for clients.
Enable-NCacheTLS -Node "20.200.20.11,20.200.20.12" -ServerCertificateCN "MyCert" -ServerCertificateThumbprint "1234567890ABCDEF" -ClientCertificateCN "MyClientCert" -ClientCertificateThumbprint "1234567890EFGHIJKL" -ServerToServerCommunication -UseMutualTLSForClientToServer false -UseMutualTLSForServerToServer true
Properties
Note
Parameters marked with an asterisk (*) are required; the rest are optional.
Parameters | Data Types | Description | Default Value |
---|---|---|---|
-ServerCertificateCN* | <String> | The Common Name (CN) of the server's SSL certificate, verified by clients and other servers in the cluster. | - |
-ServerCertificateThumbprint* | <String> | Specifies the unique SHA-1 thumbprint of the server's SSL certificate for identification. | - |
-ClientCertificateCN | <String> | The Common Name (CN) of the client's SSL certificate, verified by the server. | - |
-ClientCertificateThumbprint | <String> | Specifies the unique SHA-1 thumbprint of the client's SSL certificate for mutual authentication. | - |
-CertificateName* (Available until 5.3 SP4) | <String> | Specifies the name of the TLS certificate to be used for encryption. It provides the unique name associated with the desired TLS certificate for secure communication. | - |
-CertificateThumbprint* (Available until 5.3 SP4) | <String> | Specifies the unique thumbprint of the TLS certificate to ensure its authenticity and integrity. It provides the fingerprint value associated with the desired TLS certificate for secure communication. | - |
-ClientServerCommunication | <SwitchParameter> | Enables TLS encryption for communication between client and server nodes. | False |
-ServerToServerCommunication | <SwitchParameter> | Enables TLS encryption for communication between server nodes within a cluster. | False |
-BridgeCommunication | <SwitchParameter> | Enables TLS encryption for communication between NCache bridge and geographically separate caches. | False |
-UseMutualTLSForClientToServer | <String> | Requires client nodes to present a valid TLS certificate for authentication during communication. When enabled, all client nodes connecting to the server must present a valid TLS certificate, and its issuing Certificate Authority must be listed in the server's Trusted Root. | False |
-UseMutualTLSForServerToServer | <String> | Requires server nodes to present a valid TLS certificate for authentication during communication. When enabled, servers connecting to the first server must provide a valid TLS certificate. Additionally, the Certificate Authorities for all servers must be included in each server's Trusted Root. | True |
-Node | <String> | Specifies the IP addresses of cache servers, cache clients, or bridge nodes where TLS settings will be applied. Provide a comma-separated list of IP addresses to configure TLS on the desired nodes. Ensure that client nodes with NCache installed are included; for clients without an NCache installation, configure them manually. | - |
-Credentials | <pscredential> | Specifies the user credentials required to authorize access for the specified operation. These credentials should belong to a user with the appropriate permissions at the node. | - |
-ProtocolVersion | <String> | Specifies the protocol version to be used during TLS communication. There are two possible values for this parameter: 1. ProtocolVersion = TLS12: the protocol version is explicitly set to TLS 1.2. 2. ProtocolVersion = Auto: the system automatically uses the highest TLS version installed and supported on the operating system. | tls12 |
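The following pre-flight check is an added example, not part of the NCache documentation: it validates the CN and thumbprint on the local node before they are passed to Enable-NCacheTLS, and confirms that the certificate chains to the machine's Trusted Root, as the mutual TLS parameters require. The function name Test-TlsCertificateInput, the store path Cert:\LocalMachine\My, and the placeholder thumbprint are assumptions for illustration.

```powershell
# Added example: pre-flight check for the certificate values passed to Enable-NCacheTLS.
# Assumption: the certificate is in Cert:\LocalMachine\My; change $StorePath if it is elsewhere.
function Test-TlsCertificateInput {
    param(
        [Parameter(Mandatory)] [string] $CommonName,
        [Parameter(Mandatory)] [string] $Thumbprint,
        [string] $StorePath = 'Cert:\LocalMachine\My',
        [int] $MinDaysValid = 30
    )
    # Thumbprints copied from the certificate dialog often carry spaces or an
    # invisible leading character; keep hex digits only.
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    $problems = @()
    if ($clean.Length -ne 40) { $problems += "Thumbprint is not 40 hex digits (SHA-1) after cleanup: '$clean'" }

    $cert = Get-ChildItem -Path $StorePath | Where-Object { $_.Thumbprint -eq $clean } | Select-Object -First 1
    if (-not $cert) {
        $problems += "No certificate with thumbprint '$clean' in $StorePath"
    } else {
        $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
        $cn = $cert.GetNameInfo($nameType, $false)
        if ($cn -ne $CommonName) { $problems += "CN mismatch: store has '$cn', expected '$CommonName'" }
        if (-not $cert.HasPrivateKey) { $problems += 'Certificate has no private key on this node' }
        if ($cert.NotAfter -lt (Get-Date).AddDays($MinDaysValid)) { $problems += "Expires $($cert.NotAfter.ToString('u'))" }

        # Mutual TLS needs the issuing CA in Trusted Root: build the chain in machine context.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
        $chain.ChainPolicy.RevocationMode = 'NoCheck'   # trust path only, no revocation lookup
        if (-not $chain.Build($cert)) {
            $problems += 'Chain does not build: ' + (($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', ')
        }
    }
    [pscustomobject]@{ Thumbprint = $clean; Ok = ($problems.Count -eq 0); Problems = $problems }
}

# Placeholder values; replace with your own certificate details.
$check = Test-TlsCertificateInput -CommonName 'MyCert' -Thumbprint '<server-certificate-thumbprint>'
if ($check.Ok) {
    Enable-NCacheTLS -Node "20.200.20.11,20.200.20.12" -ServerCertificateCN 'MyCert' `
        -ServerCertificateThumbprint $check.Thumbprint -ServerToServerCommunication `
        -UseMutualTLSForServerToServer true
} else {
    $check.Problems | ForEach-Object { Write-Warning $_ }
}
```

The check covers only the node it runs on; run it on every node listed in -Node, since each one needs the certificate and the issuing CA in its own stores.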