Configuring Ports - Red Hat CERTIFICATE SYSTEM 8.0 - ADMINISTRATION Admin Manual

Chapter 13. Basic Subsystem Management

13.4. Configuring Ports

The Certificate System subsystem instances listen on different ports for requests from different types
of users. Four subsystems (the CA, DRM, OCSP, and TKS) listen on an agent port, an end-entity port,
and an administrative port, plus a standard non-SSL port. Two subsystems (the RA and TPS) listen on
SSL ports for agent and admin traffic and a standard port for end user traffic.
Figure 13.4. Certificate System Ports
For security reasons, the different subsystem services (administrative, agent, and end-entities) listen
on different TCP ports. New instances can be installed with separated ports or using a single SSL port,
depending on the port parameters used with pkicreate. The default ports are listed in
"Default Port Assignments for Certificate System
Subsystem Standard
CA 9180
DRM 10180
OCSP 11180
RA 12888
TKS 13180
TPS 7888
Table 13.3. Default Port Assignments for Certificate System 8.0
The ports for the different services to use are defined in the server.xml file for the CA, OCSP, DRM,
and TKS and in the httpd.conf and nss.conf files for the RA and TPS.
In the server.xml files for the CA, OCSP, DRM, and TKS, each interface is defined between the
<Service> and </Service> tags, in the <Connector port="..." line with the TCP port. For
example, for the CA:
306
8.0".
End-Entity End-Entity
SSL Client
Authentication
9444 9446
12890
7890
Agent SSL Admin SSL Tomcat
9443 9445
10443 10445
11443 11445
12889 12889
13443 13445
7889 7889
Table 13.3,
9701
10701
11701
13701