George Coles asked:
SSL certificate authentication

We have an application being built that will consist of an app server, a db server, and workstations. The app server will house an SSL cert store and will handle certs for our internal network. We have been told that we need to open up a lot of ports in our firewall to allow this server to go out to DigiCert to authorize the certs.
A) Are these ports needed?
B) If so, exactly what ports are needed?
Emmanuel Adebayo:

No you just need ports 80 and 443.

Sorry, I forgot to ask if it's a web application; if so, then you open the ports above. If you want the application to be accessed on specific ports, you will need to open these on your firewall.

George Coles:
Even if we don't want external access?
Not necessarily.  

You will need to download the Intermediate Certificate Chain (CER)
The Root Certificate (CER)

Those must be added to the Microsoft Crypto Store under Enterprise Trusted Root Intermediate and Enterprise Trusted Roots
That was done initially.  Does the crypto store have any reason to go out to re-authorize the cert to digicert after that?
Not the server.  If this is not in the client Crypto store it might.

If the application and database require encryption between the two then both server(s) must have the intermediate and root certificate.
The only other reason it would check the internet is CRL.

Which you can disable in Microsoft OS.
What is CRL?
Certificate Revocation List
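The replies above come down to two things: install the DigiCert root and intermediate once in the machine stores, and know which URLs the Windows certificate machinery would actually contact afterwards (CRL distribution points and the OCSP/issuer URLs in the Authority Information Access extension, which are almost always plain HTTP). The PowerShell below is an added example written for this thread, not code from any of the posters; the three file paths are hypothetical assumptions, to be replaced with your own .cer files.

```powershell
# Added example for this thread (not code from the original posts).
# Assumptions: the three paths below are hypothetical; point them at your own
# DigiCert root/intermediate .cer files and the app server's leaf certificate.
$RootCer         = 'C:\certs\DigiCertRoot.cer'          # assumption
$IntermediateCer = 'C:\certs\DigiCertIntermediate.cer'  # assumption
$LeafCer         = 'C:\certs\appserver.cer'             # assumption

# 1) One-time install of the chain, machine-wide (run from an elevated prompt).
#    Root -> Trusted Root Certification Authorities, intermediate -> Intermediate CAs.
Import-Certificate -FilePath $RootCer         -CertStoreLocation 'Cert:\LocalMachine\Root' | Out-Null
Import-Certificate -FilePath $IntermediateCer -CertStoreLocation 'Cert:\LocalMachine\CA'   | Out-Null

# 2) List the URLs Windows may fetch for a certificate: CRL Distribution Points
#    (OID 2.5.29.31) and Authority Information Access (OID 1.3.6.1.5.5.7.1.1, i.e.
#    OCSP responder and issuer-certificate download). Host + port is the firewall ask.
function Get-CertNetworkUrls {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $oids = @{ '2.5.29.31' = 'CRL'; '1.3.6.1.5.5.7.1.1' = 'AIA' }
    foreach ($ext in $Cert.Extensions) {
        if (-not $oids.ContainsKey($ext.Oid.Value)) { continue }
        # On Windows, Format($true) renders the extension as text containing "URL=..." entries
        foreach ($m in [regex]::Matches($ext.Format($true), 'URL=(\S+)')) {
            $u = [uri]$m.Groups[1].Value
            [pscustomobject]@{
                Type = $oids[$ext.Oid.Value]
                Host = $u.Host
                Port = $u.Port      # [uri] fills in the default port (80 for http)
                Url  = $u.AbsoluteUri
            }
        }
    }
}

# 3) Build the chain with online revocation checking (this is the step that can
#    reach out to the hosts above) and with revocation checking disabled (no network).
function Test-ChainBuild {
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]$Mode
    )
    $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
    $chain.ChainPolicy.RevocationMode = $Mode
    $chain.ChainPolicy.RevocationFlag = [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::EntireChain
    $ok = $chain.Build($Cert)
    [pscustomobject]@{
        RevocationMode = $Mode
        Valid          = $ok
        Status         = (($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', ')
    }
}

$leaf  = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($LeafCer)
$inter = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($IntermediateCer)

# Both the leaf and the intermediate carry their own CRL/AIA URLs; the root has none to check.
$urls = @($leaf, $inter) | ForEach-Object { Get-CertNetworkUrls -Cert $_ } | Sort-Object Host, Port -Unique
$urls | Format-Table Type, Host, Port, Url -AutoSize

Test-ChainBuild -Cert $leaf -Mode Online    # needs outbound HTTP to the hosts listed above
Test-ChainBuild -Cert $leaf -Mode NoCheck   # validates signature and trust only, no network
```

The table from step 2 is the concrete answer to "exactly what ports": outbound TCP to the listed hosts on the listed ports (normally 80), not a broad range. Once the intermediate is in the LocalMachine\CA store, Windows has no reason to follow the AIA issuer URL, so the remaining traffic is revocation checking only. Running with `NoCheck` confirms that nothing else on the chain needs the internet, but a server that skips revocation will keep accepting a certificate the CA has revoked; if the firewall cannot allow the CRL hosts, that is the trade-off being made.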