Solved

What Ports need to be open to allow a Root and Subordinate CA to communicate?

Posted on 2010-11-09
3
1,203 Views
Last Modified: 2012-06-22
Hello;

I am building a new CA environment. It is going to be an enterprise CA setup in a domain that has a Forest Root and 4 Child Domains.  The security folks want the Root CA to be a member of the forest root and the Subordinate CAs to be members of one of the Child domains.  All the domains are separated by firewalls.  I have looked, and I can't seem to find a complete list of ports required to be open to allow this to happen.  Does anyone know what these ports are? Also, if this is not a good design, can someone point me to some reasoning why, so I can take it back to security and see if they can be members of the same domain?

Thank You
0
Question by:wbithelpdesk
3 Comments
 
LVL 28

Accepted Solution

by:
bgoering earned 500 total points
ID: 34102672
Typically, in a hierarchical CA setup like you are describing, the root CA is created and used to certify the subordinate CAs. At that point the Root CA is shut down and archived somewhere, as it isn't really needed on an ongoing basis. To create your environment, I would simply open up the firewall between the Windows boxes long enough to create your subordinate CAs, then close it back up again.

Take a look at http://technet.microsoft.com/en-us/library/cc739695(WS.10).aspx for considerations to build your CA infrastructure.

Good Luck
0
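As an added example (not part of the thread, and not bgoering's or Microsoft's code), here is the procedure the accepted answer describes, done with the built-in AD CS tooling. The subordinate's request and the issued certificate travel as files on removable media, so the root CA never needs a socket to the subordinate at all; the only network the subordinate needs during setup is to a domain controller in its own domain. Host names, CA names, paths and key sizes are assumptions.

```powershell
# Added example: stand up an enterprise subordinate CA signed by an offline root
# without a network path between the two machines. ROOTCA01, SUBCA01, the CA
# common names and the paths are assumptions, not values from the thread.

# ---- Step 1: on SUBCA01 (member of a child domain), as an Enterprise Admin ----
# Sanity check that the subordinate can reach a DC in its own domain; these are the
# ports an enterprise CA needs for AD (LDAP, Kerberos, SMB, RPC endpoint mapper).
$dc = (Get-ADDomainController -Discover).HostName
foreach ($port in 389, 88, 445, 135) {
    $ok = (Test-NetConnection -ComputerName $dc -Port $port).TcpTestSucceeded
    Write-Host ("{0}:{1} reachable = {2}" -f $dc, $port, $ok)
}

Install-WindowsFeature ADCS-Cert-Authority -IncludeManagementTools
New-Item -ItemType Directory -Path 'C:\CA' -Force | Out-Null
# This writes a PKCS#10 request file and leaves the CA service stopped until a
# certificate is installed.
Install-AdcsCertificationAuthority `
    -CAType EnterpriseSubordinateCA `
    -CACommonName 'Corp Issuing CA 1' `
    -KeyLength 4096 -HashAlgorithmName SHA256 `
    -OutputCertRequestFile 'C:\CA\SUBCA01.req' `
    -Force
# Carry C:\CA\SUBCA01.req to the root on removable media (assumed drive D:).

# ---- Step 2: on ROOTCA01 (offline standalone root, not domain-joined) ----
# Submit the request; a standalone root holds it pending until an admin approves.
$submitOutput = certreq -submit -config 'ROOTCA01\Corp Root CA' 'D:\SUBCA01.req'
if ($submitOutput -join "`n" -notmatch 'RequestId:\s*"?(\d+)') {
    throw "certreq did not return a RequestId:`n$submitOutput"
}
$requestId = $Matches[1]
certutil -resubmit $requestId                                        # approve it
certreq -retrieve -config 'ROOTCA01\Corp Root CA' $requestId 'D:\SUBCA01.cer'
# Export the root certificate and a fresh CRL so the child domains can trust
# and check the root without ever talking to it.
certutil -ca.cert 'D:\RootCA.cer'
certutil -crl
Copy-Item "$env:windir\System32\CertSrv\CertEnroll\*.crl" 'D:\' -Force
# Power the root back off; it is not needed until the subordinate cert expires.

# ---- Step 3: back on SUBCA01 (or any domain member, as an Enterprise Admin) ----
# Publish the root cert and CRL into AD so every domain in the forest trusts it.
certutil -dspublish -f 'D:\RootCA.cer' RootCA
Get-ChildItem 'D:\*.crl' | ForEach-Object { certutil -dspublish -f $_.FullName }
# Install the issued subordinate certificate and start the CA service.
certutil -installcert 'D:\SUBCA01.cer'
Start-Service CertSvc
# Confirm the subordinate's chain builds up to the root.
certutil -verify 'D:\SUBCA01.cer'
```

The `certutil -dspublish` step is what makes the root trusted in every domain of the forest; the subordinate in the child domain then services enrollment on its own, and the root stays powered off and behind whatever firewall the security team wants.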
 
LVL 70

Expert Comment

by:Qlemo
ID: 34415320
This question has been classified as abandoned and is being closed as part of the Cleanup Program.  See my comment at the end of the question for more details.
0
