Solved

What Ports need to be open to allow a Root and Subordinate CA to communicate?

Posted on 2010-11-09
3
1,172 Views
Last Modified: 2012-06-22
Hello;

I am build a new CA environment, it is going to be an enterprise CA setup in a domain that has a Forest Root and 4 Child Domains.  The security folks want the Root CA to be a member of the forest root and the Subordinate CAs to be members of one of the Child domains.  All the domains are separated by firewalls.  I have looked and I can't seem to find a complete list of ports required to be open to allow this to happen.  Does anyone know what these ports are and also if this is not a good design can someone point me to some reasoning why so I can take it back to security and see if they can be members in the same domain.

Thank You
0
Comment
Question by:wbithelpdesk
3 Comments
 
LVL 28

Accepted Solution

by:
bgoering earned 500 total points
ID: 34102672
Typically in a hierarchial CA setup like you are describing the root CA is created and used to certify the subordinate CAs. At that point the Root CA is shutdown and archived somewhere as it isn't really needed on an ongoing basis. To create your environment I would simply open up the firewall between the Windows boxes long enough to create your subordinate CAs then close them back up again.

Take a look at http://technet.microsoft.com/en-us/library/cc739695(WS.10).aspx for considerations to build your CA infrastructure.

Good Luck
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 34415320
This question has been classified as abandoned and is being closed as part of the Cleanup Program.  See my comment at the end of the question for more details.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I had a question today where the user wanted to know how to delete an SSL Certificate, so I thought that I would quickly add this How to! Article for your reference. WHY WOULD YOU WANT TO DELETE A CERTIFICATE? 1. If an incorrect certificate was …
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question