Enable-NCacheTLS - PowerShell Cmdlet
This PowerShell Cmdlet enables TLS encryption to secure data exchanged over the network. The encrypted communication takes place among cluster nodes, between clients and servers, and across the bridge. To enable TLS, choose one or more of the switches ClientServerCommunication, ServerToServerCommunication, and BridgeCommunication as part of this PowerShell Cmdlet.
Note
- This feature is only available in NCache Enterprise.
- The Enable-NCacheTLS PowerShell Cmdlet is supported for NCache 5.3.2 and above.
Enable-NCacheTLS [-CertificateName] -CertificateThumbprint [-ClientServerCommunication] [-ServerToServerCommunication] [-BridgeCommunication] [-UseMutualTLSForClientToServer] [-UseMutualTLSForServerToServer] [-Node] [-Credentials]
Examples of Enable-NCacheTLS - PowerShell Cmdlet
- This command enables TLS encryption on the 20.200.20.11 and 20.200.20.12 nodes for enhanced security on the ClientServerCommunication and BridgeCommunication communication types. The UseMutualTLSForClientToServer parameter specifies whether the certificate is required at the client end or not.
Enable-NCacheTLS -Node "20.200.20.11,20.200.20.12" -CertificateName "MyCert" -CertificateThumbprint "1234567890ABCDEF" -ClientServerCommunication -BridgeCommunication -UseMutualTLSForClientToServer true
- This command enables TLS encryption on the 20.200.20.11 and 20.200.20.12 nodes for enhanced security on the ServerToServerCommunication communication type. The UseMutualTLSForServerToServer parameter specifies whether the certificate is required at the server end or not.
Enable-NCacheTLS -Node "20.200.20.11,20.200.20.12" -CertificateName "MyCert" -CertificateThumbprint "1234567890ABCDEF" -ServerToServerCommunication -UseMutualTLSForClientToServer false -UseMutualTLSForServerToServer true
Properties
Note
The parameters with an asterisk (*) on their names are required; the rest are optional.
| Parameters | Data Types | Description | Default Value |
|---|---|---|---|
| -CertificateName* | <String> | The CertificateName parameter specifies the name of the TLS certificate to be used for encryption. It provides the unique name associated with the desired TLS certificate for secure communication. | - |
| -CertificateThumbprint* | <String> | Specifies the unique thumbprint of the TLS certificate to ensure its authenticity and integrity. It provides the fingerprint value associated with the desired TLS certificate for secure communication. | - |
| -ClientServerCommunication | <SwitchParameter> | Enables TLS encryption for communication between client and server nodes. | False |
| -ServerToServerCommunication | <SwitchParameter> | Enables TLS encryption for communication between server nodes within a cluster. | False |
| -BridgeCommunication | <SwitchParameter> | Enables TLS encryption for communication between NCache bridge and geographically separate caches. | False |
| -UseMutualTLSForClientToServer | <String> | Enforces the requirement for a valid client TLS certificate. When enabled, client nodes connecting to the server must present a valid TLS certificate for authentication, and that certificate's Certificate Authority must exist in the server's Trusted Root. | False |
| -UseMutualTLSForServerToServer | <String> | Enforces the requirement for a valid server TLS certificate during communication. When enabled, the server nodes connecting to the first server must present a valid TLS certificate for authentication. Additionally, all servers need to have each other's Certificate Authorities in their Trusted Roots. | True |
| -Node | <String> | Specifies one or more IP addresses of cache servers, cache clients, or bridge nodes where TLS settings will be applied. Provide a comma-separated list of IP addresses to enable TLS settings on the desired nodes. Please ensure that client nodes with NCache installed are included; for NCache clients without installation, use manual configuration. | - |
| -Credentials | <pscredential> | Specifies the user credentials required to authorize access for the specified operation. These credentials should belong to a user who has appropriate permissions at the node. | - |
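A pre-flight check that can run before the cmdlet, given here as an added example and not NCache's own code: it normalizes the thumbprint, confirms the certificate is present with a private key and inside its validity period, and supplies -Credentials from a prompt rather than a literal. The helper name Test-TlsCertificateForNCache and the Cert:\LocalMachine\My store location are assumptions, and the thumbprint is a placeholder to replace.

```powershell
# Added example (not from the NCache documentation).
# Assumption: the TLS certificate is installed in Cert:\LocalMachine\My on the
# machine where this script runs. Test-TlsCertificateForNCache is a hypothetical helper.
function Test-TlsCertificateForNCache {
    param(
        [Parameter(Mandatory)] [string] $Thumbprint,
        [string] $StorePath = 'Cert:\LocalMachine\My'
    )
    # Thumbprints pasted from the certificate dialog often carry spaces or
    # invisible characters; keep hex digits only and upper-case them.
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($clean.Length -ne 40) {
        throw "Thumbprint has $($clean.Length) hex digits; a SHA-1 thumbprint has 40."
    }
    $cert = Get-ChildItem -Path $StorePath | Where-Object { $_.Thumbprint -eq $clean }
    if (-not $cert) { throw "No certificate with thumbprint $clean in $StorePath." }
    # A certificate without its private key cannot be used to terminate TLS.
    if (-not $cert.HasPrivateKey) { throw "Certificate $clean has no private key." }
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        throw "Certificate $clean is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
    }
    return $clean
}

# Placeholder value: replace with the real thumbprint of the certificate.
# As written, the check fails closed and Enable-NCacheTLS is never reached.
$ErrorActionPreference = 'Stop'
$thumb = Test-TlsCertificateForNCache -Thumbprint '<40-hex-digit thumbprint of MyCert>'

# Prompt for the account instead of embedding a password in the script.
$cred = Get-Credential -Message 'Account with permissions on the cache nodes'

Enable-NCacheTLS -Node "20.200.20.11,20.200.20.12" `
    -CertificateName "MyCert" -CertificateThumbprint $thumb `
    -ClientServerCommunication -ServerToServerCommunication `
    -UseMutualTLSForClientToServer true -UseMutualTLSForServerToServer true `
    -Credentials $cred
```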
enable-ncachetls [-certificatename] -certificatethumbprint [-clientservercommunication] [-servertoservercommunication] [-bridgecommunication] [-usemutualtlsforclienttoserver] [-usemutualtlsforservertoserver] [-node] [-pfxpath] [-pfxpassword] [-userid] [-password]
Examples of Enable-NCacheTLS
- This command enables TLS encryption on the 20.200.20.11 and 20.200.20.12 nodes for enhanced security on the clientservercommunication and bridgecommunication communication types. The usemutualtlsforclienttoserver parameter specifies whether the certificate is required at the client end or not.
enable-ncachetls -node "20.200.20.11,20.200.20.12" -certificatename "MyCert" -certificatethumbprint "1234567890ABCDEF" -clientservercommunication -bridgecommunication -usemutualtlsforclienttoserver true
- This command enables TLS encryption on the 20.200.20.11 and 20.200.20.12 nodes for enhanced security on the servertoservercommunication communication type. The usemutualtlsforservertoserver parameter specifies whether the certificate is required at the server end or not.
enable-ncachetls -node "20.200.20.11,20.200.20.12" -certificatename "MyCert" -certificatethumbprint "1234567890ABCDEF" -servertoservercommunication -usemutualtlsforclienttoserver false -usemutualtlsforservertoserver true
- This command enables TLS encryption on the 20.200.20.11 and 20.200.20.12 nodes for enhanced security on the clientservercommunication and servertoservercommunication communication types. The pfxpath parameter specifies the PFX file path, and the pfxpassword parameter specifies its password. These parameters are only used by the Java client.
enable-ncachetls -node "20.200.20.11,20.200.20.12" -certificatename "MyCert" -certificatethumbprint "1234567890ABCDEF" -clientservercommunication -servertoservercommunication -pfxpath D:\my-cert.pfx -pfxpassword abc
Properties
Note
The parameters with an asterisk (*) on their names are required; the rest are optional.
| Parameters | Data Types | Description | Default Value |
|---|---|---|---|
| -certificatename* | <String> | The certificatename parameter specifies the name of the TLS certificate to be used for encryption. It provides the unique name associated with the desired TLS certificate for secure communication. | - |
| -certificatethumbprint* | <String> | Specifies the unique thumbprint of the TLS certificate to ensure its authenticity and integrity. It provides the fingerprint value associated with the desired TLS certificate for secure communication. | - |
| -clientservercommunication | <SwitchParameter> | Enables TLS encryption for communication between client and server nodes. | False |
| -servertoservercommunication | <SwitchParameter> | Enables TLS encryption for communication between server nodes within a cluster. | False |
| -bridgecommunication | <SwitchParameter> | Enables TLS encryption for communication between NCache bridge and geographically separate caches. | False |
| -usemutualtlsforclienttoserver | <String> | Enforces the requirement for a valid client TLS certificate. When enabled, client nodes connecting to the server must present a valid TLS certificate for authentication, and that certificate's Certificate Authority must exist in the server's Trusted Root. | False |
| -usemutualtlsforservertoserver | <String> | Enforces the requirement for a valid server TLS certificate during communication. When enabled, the server nodes connecting to the first server must present a valid TLS certificate for authentication. Additionally, all servers need to have each other's Certificate Authorities in their Trusted Roots. | True |
| -node | <String> | Specifies one or more IP addresses of cache servers, cache clients, or bridge nodes where TLS settings will be applied. Provide a comma-separated list of IP addresses to enable TLS settings on the desired nodes. Please ensure that client nodes with NCache installed are included; for NCache clients without installation, use manual configuration. | - |
| -pfxpath | <String> | Specifies the path to the PFX certificate file to be used by NCache Java clients on Linux machines for mutual client-server TLS authentication. This parameter is not required for Windows-based clients or cache servers. | - |
| -pfxpassword | <String> | Specifies the password associated with the PFX certificate file. This parameter is relevant only for NCache Java clients running on Linux machines and is used in conjunction with the pfxpath parameter. It is not applicable to Windows-based clients or cache servers. | - |
| -userid | <String> | Specifies the user ID used to authorize the user for this operation. It is required if security is enabled on the Cache Server. This user ID must be the Active Directory user ID. | - |
| -password | <String> | Specifies the password of the user that is used to authorize the user for this operation. It is required if security is enabled on the Cache Server. This password must be the same as the Active Directory user password. | - |