Ports and Protocols
Pre-installation requirements:
Make sure that network administration has granted the rights needed to establish the following connections.
If outgoing traffic is targeted at an IP address that exists in the subnet of a network interface, it is sent via that interface.
However, if the destination is a hostname or IP address that must be routed, it is routed via the Default interface.
| Protocol | Direction | Port | Comment |
|---|---|---|---|
| HTTP | in | 80 | TCP (Transmission Control Protocol) |
| HTTPS | in | 443 | TCP (Transmission Control Protocol) |
| SNMP (Simple Network Management Protocol) * | in | 161 | UDP (User Datagram Protocol) |
| internal clustering (VPN) | in/out | 54905 | UDP |
| NTP (Network Time Protocol) optional | out | 123 | Default UDP |
| DNS (Domain Name System) | out | 53 | UDP |
| Syslog (System Logging Protocol) | out | 514 (configurable) | Default UDP |
| NFS | out | 2049 | TCP, NFS for Backup & updates |
| SMTP (Simple Mail Transfer Protocol) | out | 587 | |
* SNMP get (no traps)
| HSM (Hardware Security Module) | Direction | Port |
|---|---|---|
| Luna S790 for Remote Backup Service | out | varies/1792 (configurable) |
| Luna S790 for Remote PIN Entry Device | out | varies/1503 (configurable) |
| u.trust Se100/Se2k for remote PIN Pad | out | varies/6070 (configurable) |
| External Database | Direction | Port |
|---|---|---|
| MariaDB Database | out | 3306 |
| Oracle Database | out | 1521 |
| PostgreSQL | out | 5432 |
| Microsoft SQL Server | out | 1433 |
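The interface-selection rule stated before the tables decides which source address a firewall rule for each outbound row must allow. The following sketch is an added example, not code from the product: it applies that rule to the outbound rows above, and the interface names, addresses, choice of Default interface and destinations are constructed assumptions.

```python
import ipaddress

# Constructed appliance interfaces: names, addresses and the choice of
# Default interface are assumptions for this example, not values from the page.
INTERFACES = {
    "Management": ipaddress.ip_interface("192.0.2.10/24"),
    "Application": ipaddress.ip_interface("198.51.100.10/24"),
}
DEFAULT_INTERFACE = "Application"

# Outbound rows from the tables above: service -> (transport, port).
# The page gives no transport for SMTP or the databases; TCP is their standard one.
OUTBOUND = {
    "NTP": ("udp", 123), "DNS": ("udp", 53), "Syslog": ("udp", 514),
    "NFS": ("tcp", 2049), "SMTP": ("tcp", 587),
    "MariaDB": ("tcp", 3306), "Oracle": ("tcp", 1521),
    "PostgreSQL": ("tcp", 5432), "Microsoft SQL Server": ("tcp", 1433),
}


def egress_interface(destination):
    """Return the interface name outgoing traffic to `destination` leaves from."""
    try:
        addr = ipaddress.ip_address(destination)
    except ValueError:
        # Not an IP literal: a hostname, which the page sends via the Default interface.
        return DEFAULT_INTERFACE
    for name, iface in INTERFACES.items():
        if addr in iface.network:  # destination lies in this interface's subnet
            return name
    return DEFAULT_INTERFACE  # destination must be routed


def firewall_requests(destinations):
    """Map {service: destination} to (service, interface, source, destination, transport, port)."""
    rows = []
    for service, destination in destinations.items():
        transport, port = OUTBOUND[service]
        name = egress_interface(destination)
        rows.append((service, name, str(INTERFACES[name].ip), destination, transport, port))
    return rows


if __name__ == "__main__":
    # Constructed destinations (documentation address ranges).
    sample = {"NTP": "192.0.2.123", "DNS": "203.0.113.53",
              "Syslog": "syslog.example.com", "PostgreSQL": "198.51.100.20"}
    for row in firewall_requests(sample):
        print(*row, sep="\t")
```

Ports marked configurable in the tables (Syslog, the HSM services) must be replaced with the values actually configured before the rows are handed to the firewall team.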
| Service | Interface | Direction | Comment |
|---|---|---|---|
| EJBCA | | | |
| EJBCA Admin Web | | in | |
| EJBCA RA Web | | in | |
| EJBCA .well-known | | in | |
| EJBCA Web Services | | in | |
| EJBCA ACME | | in | |
| EJBCA General | | in | This includes all |
| Service | Interface | Direction | Comment |
|---|---|---|---|
| SignServer | in | | |
| SignServer Admin Web | | in | |
| SignServer Web Services | | in | |
| SignServer Client Web | | in | This includes all internal |