Appliance Firewall Rules

This document describes the network services offered by the appliance.

EJBCA

| Service | Interface | Direction | Protocol | Destination Port | Comment |
|---|---|---|---|---|---|
| EJBCA CA web | APP, MGMT | in | HTTPS | 443 | http[s]://{hostname}/ejbca/adminweb |
| EJBCA RA web | APP, MGMT | in | HTTPS | 80, 443 | http[s]://{hostname}/ejbca/ra |
| EJBCA documentation | APP, MGMT | in | HTTP, HTTPS | 80, 443 | http[s]://{hostname}/ejbca/doc |
| EJBCA CRL distribution | APP, MGMT | in | HTTP, HTTPS | 80, 443 | http[s]://{hostname}/ejbca/publicweb/webdist/certdist?cmd=[crl\|deltacrl]&issuer={subjectDn} |
| EJBCA CA certificate distribution | APP, MGMT | in | HTTP, HTTPS | 80, 443 | http[s]://{hostname}/ejbca/publicweb/certificates/search.cgi |
| EJBCA healthcheck | APP, MGMT | in | HTTP, HTTPS | 80, 443 | http://{hostname}/ejbca/publicweb/healthcheck/ejbcahealth<br>http://{hostname}/ejbca/publicweb/healthcheck/vastatus |
| EJBCA web service API | APP, MGMT | in | HTTPS | 443 | https://{hostname}/ejbca/ejbcaws/ejbcaws?wsdl |
| EJBCA OCSP responder | APP, MGMT | in | HTTP, HTTPS | 80, 443 | http[s]://{hostname}/ejbca/publicweb/status/ocsp |
| EJBCA SCEP | APP, MGMT | in | HTTP, HTTPS | 80, 443 | http[s]://{hostname}/ejbca/publicweb/apply/scep/[{alias}/]pkiclient.exe |
| EJBCA CMP | APP, MGMT | in | HTTP, HTTPS | 80, 443 | http[s]://{hostname}/ejbca/publicweb/cmp[/{alias}] |
| EJBCA ACME | APP, MGMT | in | HTTP, HTTPS | 80, 443 | http[s]://{hostname}/ejbca/acme/[{alias}/] |
| EJBCA EST | APP, MGMT | in | HTTPS | 443 | https://{hostname}/ejbca/.well-known/est/[{alias}/] |
| EJBCA REST API | APP, MGMT | in | HTTP, HTTPS | 80, 443 | http[s]://{hostname}/ejbca/ejbca-rest-api |
| SCT submission | APP | out | HTTPS | configurable | CT log server configured in EJBCA's system configuration. |
| DNS lookups | APP | out | DNS | configurable | DNS server configured in EJBCA. Used for ACME domain validation and CAA. |
| Peer systems | APP | out (from CA), in (to RA and VA) | HTTPS | 443 | https://{hostname}/ejbca/peer/v1 |
| EJBCA LDAP publisher | APP | out | HTTP, HTTPS | configurable | LDAP server configured in EJBCA. |
| EJBCA AD publisher | APP | out | HTTP, HTTPS | configurable | AD server configured in EJBCA. |
| EJBCA SCP publisher | APP | out | SSH | 22 | SSH server configured in EJBCA. |

SignServer

| Service | Interface | Direction | Protocol | Destination Port | Comment |
|---|---|---|---|---|---|
| SignServer administration web | APP, MGMT | in | HTTPS | 443 | http[s]://{hostname}/signserver/adminweb |
| SignServer public web | APP, MGMT | in | HTTP, HTTPS | 80, 443 | http[s]://{hostname}/signserver |
| Time monitoring | APP | out | NTP | 53 | NTP server configured in the Time Monitor worker. |
| SignServer web service API | APP, MGMT | in | HTTPS | 443 | https://{hostname}/signserver/AdminWSService/AdminWS<br>https://{hostname}/signserver/ClientWSService/ClientWS |
| SignServer healthcheck | APP, MGMT | in | HTTP, HTTPS | 80, 443 | http://{hostname}/signserver/healthcheck/signserverhealth |
| Timestamping | APP | in | HTTP, HTTPS | 80, 443 | http[s]://{hostname}/signserver/process?workerId={workerId} |
| Certificate renewal using peer systems | APP | in | HTTPS | 443 | https://{hostname}/ejbca/peer/v1 |

Appliance

| Service | Interface | Direction | Protocol | Destination Port | Comment |
|---|---|---|---|---|---|
| Cluster communication | APP | out, in | GRE | N/A | If clustering is used. |
| WebConf | MGMT | in | HTTPS | 443 | https://{hostname}/webconf |
| NTP | MGMT | out | UDP | 123 | If NTP is enabled in WebConf. |
| SNMP | APP, MGMT | in | SNMP v2, SNMP v3 | 161 | |
| Syslog shipping | APP, MGMT | out | UDP | 514 | If syslog shipping is enabled in WebConf. |
| DNS | APP | out | DNS | 53 | If DNS is enabled in WebConf. |
| SSH | MGMT | in | SSH v2 | 22 | If SSH is enabled in WebConf. |
| Backups | MGMT | out | NFS v3/v4 | 111, 2049 | |
| Email notifications | APP | out | SMTP | 25 | Only if DNS is enabled and email notifications are used in EJBCA. |