6.3. Firewall Configuration

The following table lists the default ports used by Certificate System subsystems:

Table 6.1. Certificate System Default Ports

  Service                              Port   Protocol
  ---------------------------------------------------
  HTTP                                 8080   TCP
  HTTPS                                8443   TCP
  Tomcat Apache JServ Protocol (AJP)   8009   TCP
  Tomcat Management (shutdown port)    8005   TCP
If your instance uses different ports, open those instead of the defaults. Not every port in the table needs to be reachable from the network: port 8005 is Tomcat's shutdown listener, which binds to the loopback interface by default, and port 8009 only needs to be reachable from the host that proxies AJP requests to the instance (if you use one); open these only when your deployment actually requires it. For further details about ports, see Section 5.5.3, "Planning Ports".
For the ports required to access Directory Server, see the corresponding section in the Directory Server Installation Guide.

6.3.1. Opening the Required Ports in the Firewall

To enable communication between the clients and Certificate System, open the required ports in your firewall:
  1. Make sure the firewalld service is running:
    # systemctl status firewalld
  2. If it is not running, start firewalld and configure it to start automatically when the system boots:
    # systemctl start firewalld
    # systemctl enable firewalld
  3. Open the required ports using the firewall-cmd utility. For example, to open the Certificate System default ports in the default firewall zone:
    # firewall-cmd --permanent --add-port={8080/tcp,8443/tcp,8009/tcp,8005/tcp}
    The {…} form relies on bash brace expansion, which passes one --add-port option per port; in a shell without brace expansion, repeat --add-port for each port. The --permanent option writes the rule to the saved configuration only; it does not affect the running firewall until the reload in the next step. For details on using firewall-cmd to open ports on a system, see the Red Hat Enterprise Linux Security Guide or the firewall-cmd(1) man page.
  4. Reload the firewall configuration so that the permanent rules take effect immediately:
    # firewall-cmd --reload