Enable NCache TLS

Note

This feature is only available in NCache Enterprise.
Enable-NCacheTLS command is supported for NCache 5.3.2 and above.

This enables TLS encryption to ensure secure data exchange over the network. This encrypted data communication occurs between servers and clients, between different servers, from caches to the bridge they are a part of, and from bridges to the caches they consist of in NCache. To enable TLS, you can choose between ClientServerCommunication, ServerToServerCommunication, and BridgeCommunication.

Windows PowerShell
Linux CLI

Enable-NCacheTLS -CertificateName -CertificateThumbprint [-ClientServerCommunication] [-ServerToServerCommunication ] [-BridgeCommunication] [-UseMutualTLSForClientToServer] [-UseMutualTLSForServerToServer] [-Node] [-Credentials]

Examples

This cmdlet enables TLS encryption on nodes 20.200.20.11 and 20.200.20.12 for enhanced security for any out-of-process communication, e.g., ClientServerCommunication or BridgeCommunication. The UseMutualTLSForClientToServer specifies whether the client requires a certificate and whether the server will need to have this certificate's Certificate Authority in its Trusted Root.

Enable-NCacheTLS -Node "20.200.20.11,20.200.20.12" -CertificateName "MyCert" -CertificateThumbprint "1234567890ABCDEF" -ClientServerCommunication -BridgeCommunication -UseMutualTLSForClientToServer true

This cmdlet enables TLS encryption on the 20.200.20.11 and 20.200.20.12 nodes where out-of-process communication occurs at ServerToServerCommunication level. The UseMutualTLSForServerToServer property specifies whether the other server requires a certificate and that all the servers must have each other's Certificate Authorities to exist in their Trusted Roots.

Enable-NCacheTLS -Node "20.200.20.11,20.200.20.12" -CertificateName "MyCert" -CertificateThumbprint "1234567890ABCDEF" -ServerToServerCommunication -UseMutualTLSForClientToServer false -UseMutualTLSForServerToServer true

Properties

Note

The parameters with asterisk (*) on their names are the required parameters and the rest are optional.

Parameters	Data Types	Description	Default Value
`-CertificateName*`	`<String>`	The CertificateName parameter specifies the name of the TLS certificate to be used for encryption. It provides the unique name associated with the desired TLS certificate for secure communication.	-
`-CertificateThumbprint*`	`<String>`	Specifies the unique thumbprint of the TLS certificate to ensure its authenticity and integrity. It provides the fingerprint value associated with the desired TLS certificate for secure communication.	-
`-ClientServerCommunication`	`<SwitchParameter>`	Enables TLS encryption for communication between client and server nodes.	False
`-ServerToServerCommunication`	`<SwitchParameter>`	Enables TLS encryption for communication between server nodes within a cluster.	False
`-BridgeCommunication`	`<SwitchParameter>`	Enables TLS encryption for communication between NCache bridge and geographically separate caches.	False
`-UseMutualTLSForClientToServer`	`<String>`	Enforces the requirement for a valid client TLS certificate. When enabled, client nodes connecting to the server must present a valid TLS certificate for authentication and for that certificate's Certificate Authority to exist in the server's Trusted Root.	False
`-UseMutualTLSForServerToServer`	`<String>`	Enforces the requirement for a valid server TLS certificate during communication. When enabled, the server nodes connecting to the first server must present a valid TLS certificate for authentication. Additionally, all servers need to have each other Certificate Autorities to exist in their Trusted Roots.	True
`-Node`	`<String>`	Specifies one or more IP addresses of cache servers, cache clients, or bridge nodes where TLS settings will be applied. Provide a comma-separated list of IP addresses to enable TLS settings on the desired nodes. Please ensure that client nodes with NCache installed are included; for NCache clients without installation, use manual configuration.	-
`-Credentials`	`<pscredential>`	Specifies the user credentials required to authorize access for the specified operation. These credentials should belong to a user who has appropriate permissions at the node.	-

enable-ncachetls -certificatename -certificatethumbprint [-clientservercommunication] [-servertoservercommunication] [-bridgecommunication] [-usemutualtlsforclienttoserver] [-usemutualtlsforservertoserver] [-node] [-userid] [-password]

Examples

This cmdlet enables TLS encryption on nodes 20.200.20.11 and 20.200.20.12 for enhanced security for any out-of-process communication, e.g., ClientServerCommunication or BridgeCommunication. The UseMutualTLSForClientToServer specifies whether the client requires a certificate and whether the server will need to have this certificate's Certificate Authority in its Trusted Root.

enable-ncachetls -node "20.200.20.20,20.200.20.21" -certificatename "MyCert" -certificatethumbprint "1234567890ABCDEF" -servertoservercommunication -bridgecommunication -usemutualtlsforclienttoserver true

This cmdlet enables TLS encryption on the 20.200.20.11 and 20.200.20.12 nodes where out-of-process communication occurs at ServerToServerCommunication level. The UseMutualTLSForServerToServer property specifies whether the other server requires a certificate and that all the servers must have each other's Certificate Authorities to exist in their Trusted Roots.

enable-ncachetls -node "20.200.20.20,20.200.20.21" -certificatename "MyCert" -certificatethumbprint "1234567890ABCDEF" -servertoservercommunication -usemutualtlsforclienttoserver false -usemutualtlsforservertoserver true

Properties

Note

The parameters with asterisk (*) on their names are the required parameters and the rest are optional.

Parameters	Data Types	Description	Default Value
`-certificatename*`	`<String>`	The certificate-name parameter specifies the name of the TLS certificate to be used for encryption. It provides the unique name associated with the desired TLS certificate for secure communication.	-
`-certificatethumbprint*`	`<String>`	Specifies the unique thumbprint of the TLS certificate to ensure its authenticity and integrity. It provides the fingerprint value associated with the desired TLS certificate for secure communication.	-
`-clientservercommunication`	`<SwitchParameter>`	Enables TLS encryption for communication between client and server nodes.	False
`-servertoservercommunication`	`<SwitchParameter>`	Enables TLS encryption for communication between server nodes within a cluster.	False
`-bridgecommunication`	`<SwitchParameter>`	Enables TLS encryption for communication between NCache bridge and geographically separate caches.	False
`-usemutualtls-forclienttoserver`	`<String>`	Enforces the requirement for a valid client TLS certificate. When enabled, client nodes connecting to the server must present a valid TLS certificate for authentication and for that certificate's Certificate Authority to exist in the server's Trusted Root.	False
`-usemutualtlsforservertoserver`	`<String>`	Enforces the requirement for a valid server TLS certificate during communication. When enabled, the server nodes connecting to the first server must present a valid TLS certificate for authentication. Additionally, all servers need to have each other Certificate Autorities to exist in their Trusted Roots.	True
`-node`	`<String>`	Specifies one or more IP addresses of cache servers, cache clients, or bridge nodes where TLS settings will be applied. Provide a comma-separated list of IP addresses to enable TLS settings on the desired nodes. Please ensure that client nodes with NCache installed are included; for NCache clients without installation, use manual configuration.	-
`-userid`	`<String>`	Specifies the user id used to authorize the user for this operation. It is required in case security is enabled on Cache Server. This user id must be the active directory user id.	-
`-password`	`<String>`	Specifies the password of the user that is used to authorize the user for this operation. It is required in case security is enabled on Cache Server. This password must be the same as the active directory user password.	-