Configure SSL/TLS Communication in NCache
Note
This feature is only available in NCache Enterprise Edition.
NCache can encrypt network traffic with TLS/SSL (using TLS 1.2) so that data exchanged between the server and the authorized client is protected in transit.
Users can enable any issued or self-signed SSL certificate to secure client connections to the NCache server. This guarantees encrypted data transmission by default. NCache also allows the certificate to be made optional on the client machine.
Prerequisites
Before issuing an SSL certificate for NCache, the following prerequisites must be met:
The certificate must have a private key.
The private key must be exportable, so that the certificate can be exported to all nodes, including the client machine.
Before enabling SSL security, make sure that:
Cache and client processes have been stopped.
The certificate is installed in the Trusted Root Certificate Authorities store in Microsoft Management Console. If it is in the Personal folder, drag-and-drop the certificate to the Certificates folder in Trusted Root Certificate Authorities.
If the client certificate is to be made optional, please refer to the Property table below for detailed prerequisites in this case.
Enabling SSL Certificate in NCache
The certificate can now be enabled for NCache through Registry Editor in the key location HKEY_LOCAL_MACHINE\SOFTWARE\Alachisoft\NCache.
Right-click on NCache -> New -> Key.
Name this key “TLS”.
Create the following properties of the certificate, by right-clicking on TLS -> New.
Property | Type | Description |
---|---|---|
CertificateName | String | Name of the certificate to be enabled for NCache SSL security. Steps to obtain the value have been specified after the table. |
Thumbprint | String | Unique identifier for each certificate. Steps to obtain the value have been specified after the table. |
Enabled | DWORD | Boolean value to enable or disable SSL certificate. Enable SSL by setting the value to 1. |
RequireClientCertificate | DWORD | Boolean to specify whether the certificate is required at client end or not. Note the following prerequisites for each case. RequireClientCertificate = 1: The SSL certificate should exist on both server and client. The value for this property must be 1 on both server and client. RequireClientCertificate = 0: It is not mandatory for the SSL certificate to exist on the client machine; however, the issuer of the SSL certificate must have any other certificate issued on the client in the Trusted Root Certificate Authority. This creates “trust” between the client and server. |
To obtain the CertificateName and Thumbprint values of the certificate:
Go to Microsoft Management Console.
Open the Trusted Root Certificate Authorities folder in the standard way.
Double-click on the certificate name.
Click on the Details tab.
Click on Friendly name; this value is the CertificateName.
Click on Thumbprint.
Copy the thumbprint value and edit it to remove spaces from the value. This value is to be provided to the Thumbprint property.
If the certificate is required on the client machine, set the value of RequireClientCertificate to 1, complying with the relevant prerequisites.
The TLS key under Alachisoft will look like this:
Once the desired properties are set, restart the Cache and Client processes.
Export the certificate (through the standard way of exporting certificates) to all server nodes in the cluster (and all client nodes if client certificate is required) and perform the same steps to enable SSL security on all nodes.
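The registry steps above can also be scripted so that every node gets identical values. The following PowerShell is an added example, not part of the NCache documentation or product; the key path and value names come from the table above, while the script parameters and the validation checks are this example's own. It assumes the certificate is already installed in the local machine's Trusted Root store and that the script runs elevated with the cache and client processes stopped.

```powershell
# Added example: populate HKLM:\SOFTWARE\Alachisoft\NCache\TLS from an installed certificate.
param(
    [Parameter(Mandatory)] [string] $Thumbprint,            # value copied from the Details tab
    [ValidateSet(0, 1)]    [int]    $RequireClientCertificate = 1
)
$ErrorActionPreference = 'Stop'

# Remove spaces and any invisible characters picked up when copying from the MMC dialog.
$thumb = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($thumb.Length -ne 40) {
    throw "Expected a 40-character SHA-1 thumbprint, got $($thumb.Length) characters."
}

# Locate the certificate in the store the page tells you to install it in.
$cert = Get-ChildItem -Path Cert:\LocalMachine\Root |
    Where-Object { $_.Thumbprint -eq $thumb } |
    Select-Object -First 1
if (-not $cert) { throw "No certificate with thumbprint $thumb in LocalMachine\Root." }

# Prerequisite from the page: the certificate must have a private key.
if (-not $cert.HasPrivateKey) { throw "Certificate $thumb has no private key." }

# CertificateName is the Friendly name field; fail early if it is empty.
if ([string]::IsNullOrWhiteSpace($cert.FriendlyName)) {
    throw "Certificate $thumb has no friendly name to use as CertificateName."
}

# Extra sanity check added by this example: reject an expired certificate.
if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate expired on $($cert.NotAfter)." }

# Create the TLS key (no -Force, so this fails if the NCache parent key is absent).
$key = 'HKLM:\SOFTWARE\Alachisoft\NCache\TLS'
if (-not (Test-Path -Path $key)) { New-Item -Path $key | Out-Null }

# Write the four values with the types listed in the table.
New-ItemProperty -Path $key -Name CertificateName -PropertyType String -Value $cert.FriendlyName -Force | Out-Null
New-ItemProperty -Path $key -Name Thumbprint -PropertyType String -Value $thumb -Force | Out-Null
New-ItemProperty -Path $key -Name Enabled -PropertyType DWord -Value 1 -Force | Out-Null
New-ItemProperty -Path $key -Name RequireClientCertificate -PropertyType DWord -Value $RequireClientCertificate -Force | Out-Null

# Show what was written so it can be compared across nodes.
Get-ItemProperty -Path $key |
    Select-Object CertificateName, Thumbprint, Enabled, RequireClientCertificate
```

Comparing the final output across servers and clients is a quick way to catch a mismatched Thumbprint or RequireClientCertificate value before restarting the processes.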
Note
Once the certificates have been enabled, make sure that all client applications run on 64-bit machines.