6.3. Firewall Configuration
The following table lists the default ports used by Certificate System subsystems:
Table 6.1. Certificate System Default Ports
| Service | Port | Protocol |
|---|---|---|
| HTTP | 8080 | TCP |
| HTTPS | 8443 | TCP |
| Tomcat Apache JServ Protocol (AJP) | 8009 | TCP |
| Tomcat Management | 8005 | TCP |
If you use different ports, open the corresponding ports in the firewall. For further details about ports, see Section 5.5.3, “Planning Ports”.
For the ports required to access Directory Server, see the corresponding section in the Directory Server Installation Guide.
6.3.1. Opening the Required Ports in the Firewall
To enable communication between the clients and Certificate System, open the required ports in your firewall:
- Make sure the firewalld service is running.
      # systemctl status firewalld
- To start firewalld and configure it to start automatically when the system boots:
      # systemctl start firewalld
      # systemctl enable firewalld
- Open the required ports using the firewall-cmd utility. For example, to open the Certificate System default ports in the default firewall zone:
      # firewall-cmd --permanent --add-port={8080/tcp,8443/tcp,8009/tcp,8005/tcp}
  For details on using firewall-cmd to open ports on a system, see the Red Hat Enterprise Linux Security Guide or the firewall-cmd(1) man page.
- Reload the firewall configuration to ensure that the change takes place immediately:
      # firewall-cmd --reload
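
A check that can follow the procedure above, as an added example rather than part of the Red Hat documentation: it compares the permanent and runtime port lists reported by firewall-cmd --list-ports against the default ports in Table 6.1, so a missed --reload shows up as permanent-only. The function names and the sample port lists are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit firewalld port lists against the Certificate System defaults.
# Only ports opened with --add-port are visible here; ports opened through a
# firewalld service definition do not appear in --list-ports output.
REQUIRED_PORTS="8080/tcp 8443/tcp 8009/tcp 8005/tcp"   # Table 6.1 defaults

# port_in_list PORT/PROTO LIST: succeed if LIST (output of --list-ports)
# contains the port exactly or inside a range such as 8005-8009/tcp.
port_in_list() {
    want_port=${1%/*}; want_proto=${1#*/}
    for have in $2; do
        [ "${have#*/}" = "$want_proto" ] || continue
        range=${have%/*}; lo=${range%-*}; hi=${range#*-}
        if [ "$want_port" -ge "$lo" ] && [ "$want_port" -le "$hi" ]; then
            return 0
        fi
    done
    return 1
}

# audit_ports PERMANENT_LIST RUNTIME_LIST: print "PORT STATE" per required
# port; return non-zero unless every port is open at runtime.
#   open            in both configurations
#   permanent-only  saved, but not active until `firewall-cmd --reload`
#   runtime-only    active now, lost on the next reload or reboot
#   closed          in neither
audit_ports() {
    rc=0
    for p in $REQUIRED_PORTS; do
        if port_in_list "$p" "$2"; then
            if port_in_list "$p" "$1"; then state=open; else state=runtime-only; fi
        elif port_in_list "$p" "$1"; then
            state=permanent-only; rc=1
        else
            state=closed; rc=1
        fi
        echo "$p $state"
    done
    return "$rc"
}

# Constructed sample: the --permanent command has run (8009 and 8005 via a
# range) but the firewall has not been reloaded yet.
SAMPLE_PERMANENT="8080/tcp 8443/tcp 8005-8009/tcp"
SAMPLE_RUNTIME="8443/tcp 8080/udp"
audit_ports "$SAMPLE_PERMANENT" "$SAMPLE_RUNTIME" || echo "action needed"

# On a live host (not run here):
#   audit_ports "$(firewall-cmd --permanent --list-ports)" "$(firewall-cmd --list-ports)"
```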
