The PKIaaS Virtual Machine has the following network requirements.
PKIaaS Virtual Machine connection settings
The connection of the PKIaaS Virtual Machine requires a DHCP server with configured DNS.
PKIaaS Virtual Machine outbound access to Active Directory
Grant the PKIaaS Virtual Machine the following outbound access to:
- The Active Directory DNS servers (to query SRV DNS records for the FQDN of Active Directory Domain controllers).
- The Active Directory LDAP or LDAPS service (to look up information on Microsoft certificate templates, Active Directory users, and Active Directory machines).
See below for the required outbound ports.
Target port | Protocol | Application | Target service |
---|---|---|---|
53 | TCP/UDP | DNS | Active Directory DNS |
389 | TCP | LDAP | Active Directory secured with StartTLS |
636 | TCP | LDAPS | Active Directory |
If an attempted LDAPS connection fails, the PKIaaS Virtual Machine switches to LDAP port 389 and attempts to use StartTLS (because plaintext LDAP is not supported).
PKIaaS Virtual Machine outbound access to the Oracle Yum server
Grant the PKIaaS Virtual Machine the following outbound access to the Oracle Yum server.
yum.oracle.com
Target port | Protocol | Application |
---|---|---|
443 | TCP | HTTPS |
PKIaaS Virtual Machine outbound access to the PKIaaS package repository
Grant the PKIaaS Virtual Machine access to the package repository.
pkiaas-eu-prod-rpm.s3.eu-central-1.amazonaws.com
pkiaas-prod-rpm.s3.us-east-1.amazonaws.com
Target port | Protocol | Application |
---|---|---|
443 | TCP | HTTPS |
PKIaaS Virtual Machine outbound access to Entrust PKIaaS
Grant the PKIaaS Virtual Machine access to the Entrust PKIaaS services.
idp.eu.pkiaas.entrust.com
satellit.eu.pkiaas.entrust.com
wstep.eu.pkiaas.entrust.com
idp.pkiaas.entrust.com
satellit.pkiaas.entrust.com
wstep.pkiaas.entrust.com
Target port | Protocol | Application |
---|---|---|
443 | TCP | HTTPS |