The PKIaaS Virtual Machine has the following network requirements.

PKIaaS Virtual Machine connection settings

The PKIaaS Virtual Machine obtains its network configuration over DHCP, so the DHCP server must also supply DNS server settings.

PKIaaS Virtual Machine outbound access to Active Directory

Grant the PKIaaS Virtual Machine the following outbound access to:

  • The Active Directory DNS servers (to query SRV DNS records for the FQDN of Active Directory Domain controllers).
  • The Active Directory LDAP or LDAPS service (to look up information on Microsoft certificate templates, Active Directory users, and Active Directory machines).

See below for the required outbound ports.

Target port   Protocol   Application   Target service
-----------   --------   -----------   --------------------------------------
53            TCP/UDP    DNS           Active Directory DNS
389           TCP        LDAP          Active Directory secured with StartTLS
636           TCP        LDAPS         Active Directory

If an LDAPS connection attempt fails, the PKIaaS Virtual Machine falls back to LDAP on port 389 and attempts to negotiate StartTLS; plaintext LDAP is not supported, so a domain controller that offers neither LDAPS nor StartTLS cannot be used.

PKIaaS Virtual Machine outbound access to the Oracle Yum server

Grant the PKIaaS Virtual Machine the following outbound access to the Oracle Yum server.

Target host: yum.oracle.com

Target port   Protocol   Application
-----------   --------   -----------
443           TCP        HTTPS

PKIaaS Virtual Machine outbound access to the PKIaaS package repository

Grant the PKIaaS Virtual Machine access to the package repository for its region.

EU region:
  • pkiaas-eu-prod-rpm.s3.eu-central-1.amazonaws.com
US region:
  • pkiaas-prod-rpm.s3.us-east-1.amazonaws.com

Target port   Protocol   Application
-----------   --------   -----------
443           TCP        HTTPS

PKIaaS Virtual Machine outbound access to Entrust PKIaaS

Grant the PKIaaS Virtual Machine access to the Entrust PKIaaS services for its region.

EU region:
  • idp.eu.pkiaas.entrust.com
  • satellit.eu.pkiaas.entrust.com
  • wstep.eu.pkiaas.entrust.com
US region:
  • idp.pkiaas.entrust.com
  • satellit.pkiaas.entrust.com
  • wstep.pkiaas.entrust.com

Target port   Protocol   Application
-----------   --------   -----------
443           TCP        HTTPS
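A pre-deployment check that exercises every outbound requirement on this page (SRV lookup of domain controllers, the LDAPS-then-StartTLS fallback, and the HTTPS endpoints per region) so firewall gaps are found before the VM is connected. This is an added example, not Entrust's code; the SRV record name `_ldap._tcp.dc._msdcs.<domain>` is the standard Active Directory locator record (assumed AD layout), the `resolve_srv` callable is supplied by the caller, and `corp.example` hosts in the test are constructed.

```python
import socket

# Endpoints taken from this page, keyed by PKIaaS region.
PKIAAS_HOSTS = {
    "eu": ["idp.eu.pkiaas.entrust.com", "satellit.eu.pkiaas.entrust.com",
           "wstep.eu.pkiaas.entrust.com",
           "pkiaas-eu-prod-rpm.s3.eu-central-1.amazonaws.com"],
    "us": ["idp.pkiaas.entrust.com", "satellit.pkiaas.entrust.com",
           "wstep.pkiaas.entrust.com",
           "pkiaas-prod-rpm.s3.us-east-1.amazonaws.com"],
}
YUM_HOST = "yum.oracle.com"

def tcp_connect(host, port, timeout=3.0):
    """Real TCP reachability probe: a plain connect, no application handshake."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def ldap_mode(dc_host, connect):
    """Mirror the VM's fallback: LDAPS on 636 first, then LDAP 389 with StartTLS.
    There is no plaintext fallback, so None means the DC is unusable."""
    if connect(dc_host, 636):
        return "ldaps"
    if connect(dc_host, 389):
        return "starttls"
    return None

def check_requirements(ad_domain, region, resolve_srv, connect=tcp_connect):
    """Return {'domain_controllers': {host: mode}, 'missing': [(kind, host, port)]}.
    resolve_srv(name) -> [(host, port), ...] is supplied by the caller (e.g. a
    dnspython wrapper) so the logic can be exercised offline."""
    missing = []
    # Standard AD domain-controller locator SRV record (assumed AD layout).
    dcs = resolve_srv(f"_ldap._tcp.dc._msdcs.{ad_domain}")
    if not dcs:
        missing.append(("srv", ad_domain, 53))
    modes = {}
    for dc_host, _srv_port in dcs:
        modes[dc_host] = ldap_mode(dc_host, connect)
        if modes[dc_host] is None:
            missing.append(("ldap", dc_host, "636/389"))
    for host in PKIAAS_HOSTS[region] + [YUM_HOST]:
        if not connect(host, 443):
            missing.append(("https", host, 443))
    return {"domain_controllers": modes, "missing": missing}
```

Run it from the VM's intended network segment with the default `tcp_connect`; anything listed under `missing` will block enrolment or updates.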