Solved

What Ports need to be open to allow a Root and Subordinate CA to communicate?

Posted on 2010-11-09
Last Modified: 2012-06-22
Hello;

I am building a new CA environment. It is going to be an enterprise CA setup in a domain that has a Forest Root and 4 Child Domains.  The security folks want the Root CA to be a member of the forest root and the Subordinate CAs to be members of one of the Child domains.  All the domains are separated by firewalls.  I have looked and I can't seem to find a complete list of ports required to be open to allow this to happen.  Does anyone know what these ports are? Also, if this is not a good design, can someone point me to some reasoning why, so I can take it back to security and see if they can be members in the same domain?

Thank You
Question by:wbithelpdesk

Accepted Solution

by:
bgoering earned 500 total points
ID: 34102672
Typically, in a hierarchical CA setup like you are describing, the root CA is created and used to certify the subordinate CAs. At that point the Root CA is shut down and archived somewhere, as it isn't really needed on an ongoing basis. To create your environment I would simply open up the firewall between the Windows boxes long enough to create your subordinate CAs, then close them back up again.

Take a look at http://technet.microsoft.com/en-us/library/cc739695(WS.10).aspx for considerations to build your CA infrastructure.

Good Luck
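The accepted answer's point, that the root CA is needed only to certify the subordinate CAs and can then be taken offline, shown as an added example that is not part of the original thread. OpenSSL stands in for Windows Certificate Services here, and every name and file in the script is constructed for the demonstration.

```shell
#!/bin/sh
# Added illustration: OpenSSL stands in for AD CS; every name below is constructed.
set -eu

offline_root_demo() {
  work=$(mktemp -d)
  (
    set -e
    cd "$work"
    cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = critical,CA:FALSE
EOF
    # 1. Root CA: self-signed certificate, key generated locally.
    openssl req -x509 -newkey rsa:2048 -nodes -keyout root.key -out root.crt \
      -days 3650 -subj "/CN=Demo Root CA" -config ca.cnf -extensions v3_ca 2>/dev/null
    # 2. Subordinate CA: creates a request (a file that can be carried by hand).
    openssl req -new -newkey rsa:2048 -nodes -keyout sub.key -out sub.csr \
      -subj "/CN=Demo Subordinate CA" -config ca.cnf 2>/dev/null
    # 3. Root certifies the subordinate: the only step that needs the root key.
    openssl x509 -req -in sub.csr -CA root.crt -CAkey root.key -CAcreateserial \
      -out sub.crt -days 1825 -extfile ca.cnf -extensions v3_ca 2>/dev/null
    # 4. Root goes offline. Here the key is deleted; in practice it is archived.
    rm root.key
    # 5. The subordinate keeps issuing certificates without the root key.
    openssl req -new -newkey rsa:2048 -nodes -keyout leaf.key -out leaf.csr \
      -subj "/CN=host.example.test" -config ca.cnf 2>/dev/null
    openssl x509 -req -in leaf.csr -CA sub.crt -CAkey sub.key -CAcreateserial \
      -out leaf.crt -days 365 -extfile ca.cnf -extensions v3_leaf 2>/dev/null
    # 6. Relying parties need only the root *certificate* to validate the chain.
    openssl verify -CAfile root.crt -untrusted sub.crt leaf.crt
  )
  rm -rf "$work"
}

offline_root_demo   # prints "leaf.crt: OK"
```
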

Expert Comment

by:Qlemo
ID: 34415320
This question has been classified as abandoned and is being closed as part of the Cleanup Program.  See my comment at the end of the question for more details.