Changing A Port Number - Red Hat CERTIFICATE SYSTEM 7.1 - ADMINISTRATOR Administrator's Manual
Hide thumbs
Also See for CERTIFICATE SYSTEM 7.1 - ADMINISTRATOR:
Table of Contents
Advertisement
Ports
•
The HTTP port can be used to service end-entity-initiated PKI requests, such as
enrollment, renewal, and revocation; enrollment requests can include requests from
Cisco routers (using the CEP protocol); general certificate retrieval requests, such as
retrieving a single certificate identified by a serial number, listing certificates based on
certain criteria (for example, an LDAP search filter defined over standard attributes),
and getting a CA's certificate chain. You can disable this port if it will not be used.
•
The HTTPS port can be used to service end-entity-initiated PKI requests, such as
enrollment, renewal, and revocation; enrollment requests can include requests from
Cisco routers (using the CEP protocol); general certificate retrieval requests, such as
retrieving a single certificate identified by a serial number, listing certificates based on
certain criteria (for example, an LDAP search filter defined over standard attributes),
and getting a CA's certificate chain. The HTTPS port uses SSL authentication
providing a secure transfer of data to this port.
Similar to the HTTP port, you can enable or disable the HTTPS port. For example, if
you don't want end-entity interaction with a Certificate Manager, you can disable the
HTTPS port. For details, see "Changing a Port Number" on page 278.
If this CS instance is for a Certificate Manager and if the Certificate Manager is configured
to service OCSP requests from OCSP-compliant clients, then this port must be enabled so
that OCSP-compliant clients can successfully query the Certificate Manager for the
revocation status of a certificate. For details, see "Setting Up a Certificate Manager with
OCSP Service" on page 161.
Similarly, for issuing certificates to routers (using the CEP protocol), the port must be
enabled. For details, see "CEP Enrollment," on page 395."
Changing a Port Number
To change a port number:
Stop the CS instance; see "Starting, Stopping, and Restarting CS Instances" on
1.
page 246.
Go to the CS configuration directory:
2.
<server_root>/cert-<instance_id>/config
Open the
3.
❍
278
Red Hat Certificate System Administrator's Guide • September 2005
file in a text editor and edit the appropriate port numbers:
server.xml
To change the administration port, locate this line and edit the value of the
attribute:
<LS id="admin" ip="0.0.0.0" port="8200" security="on"
acceptorthreads="1" blocking="no">
port
Advertisement
Table of Contents
