Communications between Root CA and subs

  1. #1 Junior Member (joined Jan 2006, 14 posts)

    Communications between Root CA and subs

    Hi All

    Maybe someone on here can answer a question that I can't find the answer to on TechNet (quelle surprise!).

    On my company's WAN is a Root CA (Microsoft Certificate Services on Win2003 Ent). This is in site A.

    There will be two subordinate CAs installed in Site B and Site C (two sites on cold failover).

    We have lots of firewalls in-between the Root and the subs.

    Can anyone tell me what firewall ports need to be opened up between site A and B/C?

    It uses V3 certs if that makes any difference.

    I'm guessing TCP port 135, but I can't find any confirmation of this anywhere.

    Cheers

    Sean
    If a packet falls in an empty network, - does it make any noise?

  2. #2 geepod, Senior Member (joined Jun 2002, 211 posts)
    Well, CAs communicate via AD replication, either intra-site or inter-site.

    If your AD replication is working then there is no problem; you don't need to open a specific port for CA comms.

    We have 4 separate sites, all separated by firewalls, and they communicate fine through AD replication.

    Unless I'm missing something in your question?
    Our destiny is to endure all hardships that we encounter along the path to what we perceive to be true and worthwhile !

    The Head foundation
    Please give generously

  3. #3 Junior Member (joined Jan 2006, 14 posts)
    Aaha! Yes, sorry, I forgot to say that the boxes aren't AD integrated.

    For security reasons, they can't be on a domain.

  4. #4 geepod, Senior Member (joined Jun 2002, 211 posts)
    Sorry, I'm confused.

    So you have a stand-alone root CA (you can't have an enterprise root, as that is dependent on AD), which should also be offline, that you want to communicate with B/C?

    What sort of communication do you want to take place, and why?

    Sorry if I'm confused.

    However, CA services use RPC and DCOM to communicate, so port 135 and random ports greater than 1024.

    Of course you will also need 443 etc. for SSL as well.
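The "port 135 plus random ports above 1024" answer above is the usual sticking point with firewalls, because the RPC endpoint mapper on 135 hands the client a dynamically chosen port for the actual DCOM call (the ICertRequest / ICertAdmin interfaces that certreq and the CA MMC use). The workable approach is to pin the RPC dynamic range on the CA host to a small, known block and open only 135 plus that block. The script below is an added example written for this thread, not code from the original posters; it uses the documented HKLM\SOFTWARE\Microsoft\Rpc\Internet registry values (the method that applies to Windows 2003), and the host name rootca.siteA.example and the range 5000-5100 are placeholders you would replace with your own.

```powershell
# Added example (not from the thread). Two parts:
#  1. Set-RpcPortRange: pin the RPC/DCOM dynamic port range on the CA host so the
#     firewall rule can be "135 + one small block" instead of "135 + everything > 1024".
#     Run elevated on the CA; a reboot is needed before RPC uses the new range.
#  2. Test-TcpPort / Test-CaPorts: from a subordinate CA, probe the endpoint mapper,
#     the edges of the pinned range and 443 through the firewalls.
# ASSUMPTIONS (placeholders): host name 'rootca.siteA.example', range 5000-5100.

$CaHost     = 'rootca.siteA.example'   # assumed placeholder for the root CA in site A
$RangeStart = 5000                     # assumed start of the pinned dynamic range
$RangeEnd   = 5100                     # assumed end (inclusive)

function Set-RpcPortRange {
    param([int]$Start, [int]$End)
    $key = 'HKLM:\SOFTWARE\Microsoft\Rpc\Internet'
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    # Ports (REG_MULTI_SZ): the range RPC may hand out to remote callers
    New-ItemProperty -Path $key -Name 'Ports' -PropertyType MultiString `
        -Value @("$Start-$End") -Force | Out-Null
    # 'Y' = the listed ports are available for internal use too; 'Y' = use this list
    New-ItemProperty -Path $key -Name 'PortsInternalAvailable' -PropertyType String `
        -Value 'Y' -Force | Out-Null
    New-ItemProperty -Path $key -Name 'UseInternetPorts' -PropertyType String `
        -Value 'Y' -Force | Out-Null
    Write-Output "RPC dynamic range pinned to $Start-$End; reboot the CA to apply."
}

function Test-TcpPort {
    # Plain TCP connect with a timeout; works on any PowerShell version, no Test-NetConnection needed.
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $ar = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $ar.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($ar)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

function Test-CaPorts {
    param([string]$ComputerName, [int]$Start, [int]$End)
    # 135 = RPC endpoint mapper, Start/End = edges of the pinned DCOM range, 443 = HTTPS enrolment pages
    $ports = @(135, $Start, $End, 443)
    foreach ($p in $ports) {
        $state = if (Test-TcpPort -ComputerName $ComputerName -Port $p) { 'open' } else { 'blocked/closed' }
        [pscustomobject]@{ Host = $ComputerName; Port = $p; State = $state }
    }
}

# Usage on the root CA (elevated):   Set-RpcPortRange -Start $RangeStart -End $RangeEnd
# Usage from a subordinate CA site:  Test-CaPorts -ComputerName $CaHost -Start $RangeStart -End $RangeEnd | Format-Table
```

A TCP connect succeeding on 135 only proves the endpoint mapper is reachable; the DCOM call itself will still fail if the pinned range is not open in the same direction, which is exactly what the two range-edge probes are for. On Windows Server 2008 and later the same pinning can also be done with `netsh int ipv4 set dynamicport tcp start=<port> num=<count>`, but the registry method above is the one that applies to the Windows 2003 CA in the question.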
