Configure HTTPS Security

HTTPS is widely used for secure communication over a network. By enabling HTTPS security, the communication protocol is encrypted using a certificate. NCache enables the use of HTTPS for the NCache Management Center in Windows and Linux through TLS certificates. Read more about how it works, here.

Prerequisites to Configure HTTPS Security

Windows
Linux

To enable HTTPS for the NCache Management Center in Windows, you must have PowerShell 5.1 up to 7.3.9 version installed on your Windows machine.

Create or obtain a TLS certificate that includes an exportable private key. For creating certificates, refer to this blog on Generating Self Signed Certificates.

Important

We do not recommend using self-generated certificates in your production environments. Although, you can use them in your testing environments.

Certificate Installation

Windows
Linux

To trust the generated certificate, you need to install it with the appropriate account in the certificate store (Local Machine or Current User). In this regard, you can read further about system certificate store types. Install the trusted root certificate on your machine while making sure that your user account has access permissions for the NCache Management Center and Service.

Note

Make sure that the NCache Service is running under the same user which is used to import the certificate either for the Local or Current User.

Since, the ncache user does not have read access to the certificate files, you need to give read access to ncache user. Follow these steps to give read access on certificate and key file in Linux.

Login to your machine as administrator and make sure that the NCache Service is running under the ncache user.
Run the following commands.

With .crt certificate

Run the following commands in your terminal:

sudo chmod +r <path of the .crt file>
sudo chmod +r <path of the .key file>

With .pfx certificate

Run the following commands using PowerShell to create ncache directory, change its owner to ncache, create a certificate store, add a .pfx certificate to the store:

sudo mkdir /home/ncache

// copy certificate to the following directory
cp /certificate_path /home/ncache

sudo chown -r ncache /home/ncache

cd /home/ncache

$store=[System.Security.Cryptography.X509Certificates.X509Store]::new([System.Security.Cryptography.X509Certificates.StoreName]::Root,[System.Security.Cryptography.X509Certificates.StoreLocation]::CurrentUser,[System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)

$store.Add([System.Security.Cryptography.X509Certificates.X509Certificate2]::new("MYCertificate.pfx","password1234",[System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::PersistKeySet))

Update the NCache Management Center Configuration

Windows
Linux

Once your certificate is generated and installed, you need to update the HTTPS endpoints in the appsettings.json file located at the path C:\Program Files\NCache\bin\tools\web. For details on how to configure different endpoints to use certificates either from a file on disk or from a certificate store, refer to Configure endpoints for the ASP.NET Core Kestrel web server documentation. Here is how you can update the HTTPS endpoints:

{
  "Kestrel": {
      "EndPoints": {
        "Http": {
            "Url": "http://0.0.0.0:8251"
        },
        "HttpsInlineCertStore": {
            "Url": "https://0.0.0.0:8252",
            "Certificate": {
              "Subject": "<subject; required>",
              "Store": "<cert store; required>",
              "Location": "<location; defaults to CurrentUser>",
              "AllowInvalid": "true"
            }
          }
      }
  }
}

Once your certificate is generated, you need to add the HTTPS endpoints in appsettings.json file located at the path /opt/ncache/bin/tools/web. For details on how to configure different endpoints to use certificates, refer to Configure endpoints for the ASP.NET Core Kestrel web server documentation. Here is how you can update the HTTPS endpoints:

With .crt certificate

{
  "Kestrel": {
      "EndPoints": {
        "Http": {
            "Url": "http://0.0.0.0:8251"
        },
        "HttpsInlineCertStore": {
            "Url": "https://0.0.0.0:8252",
            "Certificate": {
              "Path": "<path to .pem/.crt file>",
              "KeyPath":"<path to .key file>",
              "AllowInvalid": "true"
            }
          }
      }
  }
}

With .pfx certificate

{
  "Kestrel": {
      "EndPoints": {
        "Http": {
            "Url": "http://0.0.0.0:8251"
        },
        "HttpsInlineCertStore": {
            "Url": "https://0.0.0.0:8252",
            "Certificate": {
              "Subject": "<subject; required>",
              "Store": "<crt store; required>",
              "Location": "<location; defaults to CurrentUser>",
              "AllowInvalid": "true"
            }
          }
      }
  }
}

Once the desired properties are set, restart the NCache Management Center to accept the changes you made for the certificate, and then browse to https://localhost:8252.

Note

If you are specifying port 8252, it must be enabled through the firewall first.

Important

Any exceptions after configuration changes will be logged in the event viewer.

Configure HTTPS Security

Prerequisites to Configure HTTPS Security

Obtain a Test Certificate

Important

Certificate Installation

Note

With .crt certificate

With .pfx certificate

Update the NCache Management Center Configuration

With .crt certificate

With .pfx certificate

Note

Important

See Also

Contact Us