• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1256
  • Last Modified:

What Ports need to be open to allow a Root and Subordinate CA to communicate?

Hello;

I am build a new CA environment, it is going to be an enterprise CA setup in a domain that has a Forest Root and 4 Child Domains.  The security folks want the Root CA to be a member of the forest root and the Subordinate CAs to be members of one of the Child domains.  All the domains are separated by firewalls.  I have looked and I can't seem to find a complete list of ports required to be open to allow this to happen.  Does anyone know what these ports are and also if this is not a good design can someone point me to some reasoning why so I can take it back to security and see if they can be members in the same domain.

Thank You
0
wbithelpdesk
Asked:
wbithelpdesk
1 Solution
 
bgoeringCommented:
Typically in a hierarchial CA setup like you are describing the root CA is created and used to certify the subordinate CAs. At that point the Root CA is shutdown and archived somewhere as it isn't really needed on an ongoing basis. To create your environment I would simply open up the firewall between the Windows boxes long enough to create your subordinate CAs then close them back up again.

Take a look at http://technet.microsoft.com/en-us/library/cc739695(WS.10).aspx for considerations to build your CA infrastructure.

Good Luck
0
 
QlemoC++ DeveloperCommented:
This question has been classified as abandoned and is being closed as part of the Cleanup Program.  See my comment at the end of the question for more details.
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now