Below are the firewall port requirements:

 

| Service | Port | Source | Destination | Action | Details |
|---|---|---|---|---|---|
| Kerberos | 464 | Certificate Enrollment Web Services | Domain Controllers (DC) | Allow | Source: Certificate Enrollment Web Services; Destination: DC; Service: Kerberos (network port tcp/464) |
| LDAP | 389 | Certificate Enrollment Web Services | Domain Controllers (DC) | Allow | Source: Certificate Enrollment Web Services; Destination: DC; Service: LDAP (network port tcp/389) |
| LDAP | 636 | Certificate Enrollment Web Services | Domain Controllers (DC) | Allow | Source: Certificate Enrollment Web Services; Destination: DC; Service: LDAP (network port tcp/636) |
| DCOM/RPC | 1024-65500 | Certificate Enrollment Web Services | CA | Allow | For details on RPC/DCOM configuration, see http://support.microsoft.com/kb/154596/en-us |
| HTTPS | 443 | All clients requesting certs | Certificate Enrollment Web Services | Allow | Source: Windows 7 client; Destination: Certificate Enrollment Web Services; Service: https (network port tcp/443) |
| RPC | 135 | All clients requesting certs | Certificate Enrollment Web Services | Allow | Source: Windows 7 client; Destination: CA; Service: RPC; done in both directions |

 

This was taken and modified from the PKI Blog
