?
Solved

What Ports need to be open to allow a Root and Subordinate CA to communicate?

Posted on 2010-11-09
3
Medium Priority
?
1,233 Views
Last Modified: 2012-06-22
Hello;

I am build a new CA environment, it is going to be an enterprise CA setup in a domain that has a Forest Root and 4 Child Domains.  The security folks want the Root CA to be a member of the forest root and the Subordinate CAs to be members of one of the Child domains.  All the domains are separated by firewalls.  I have looked and I can't seem to find a complete list of ports required to be open to allow this to happen.  Does anyone know what these ports are and also if this is not a good design can someone point me to some reasoning why so I can take it back to security and see if they can be members in the same domain.

Thank You
0
Comment
Question by:wbithelpdesk
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 28

Accepted Solution

by:
bgoering earned 2000 total points
ID: 34102672
Typically in a hierarchial CA setup like you are describing the root CA is created and used to certify the subordinate CAs. At that point the Root CA is shutdown and archived somewhere as it isn't really needed on an ongoing basis. To create your environment I would simply open up the firewall between the Windows boxes long enough to create your subordinate CAs then close them back up again.

Take a look at http://technet.microsoft.com/en-us/library/cc739695(WS.10).aspx for considerations to build your CA infrastructure.

Good Luck
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 34415320
This question has been classified as abandoned and is being closed as part of the Cleanup Program.  See my comment at the end of the question for more details.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question