Between Client and Certificate Server
Ports: 443, 80, 135, ephemeral ports (49152 to 65535)
Certificate Enrolment Web Service: 443
Certificate Revocation List: 80
Client Auto-Enrollment: 135 and ephemeral ports
Between Domain Controller and Certificate Server
Ports: 464, 389, 636
Kerberos: 464
LDAP and LDAPS: 389 / 636
SMB Port Requirements
You can use this if you have two CAs
445: Revocation List
Protocol | Port | From | To | Action | Comments |
Kerberos | 464 | Certificate Enrollment Web Services | Domain Controllers (DC) | Allow | Source: Certificate Enrollment Web Services; Destination: DC; Service: Kerberos (network port tcp/464) |
LDAP | 389 | Certificate Enrollment Web Services | Domain Controllers (DC) | Allow | Source: Certificate Enrollment Web Services; Destination: DC; Service: LDAP (network port tcp/389) |
LDAP | 636 | Certificate Enrollment Web Services | Domain Controllers (DC) | Allow | Source: Certificate Enrollment Web Services; Destination: DC; Service: LDAP (network port tcp/636) |
DCOM/RPC | Random port above port 1023 | Certificate Enrollment Web Services; all XP clients requesting certs | CA | Allow | For details on RPC/DCOM configuration, see http://support.microsoft.com/kb/154596/en-us |
HTTPS | 443 | All clients requesting certs | Certificate Enrollment Web Services | Allow | Source: Windows 7 client; Destination: Certificate Enrollment Web Services; Service: https (network port tcp/443) |
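
To confirm that a firewall change actually opened the flows listed above, the following added example (not part of the original page) probes each fixed port with Test-NetConnection from the machine it is run on. The three host names and the Role parameter are placeholders introduced for this example; the ports are the ones given on this page.

```powershell
# Added example. Host names are placeholders: replace them with your own servers.
param(
    [string]$CesHost = 'ces.example.test',  # Certificate Enrollment Web Services (placeholder)
    [string]$CaHost  = 'ca.example.test',   # Certification authority (placeholder)
    [string]$DcHost  = 'dc.example.test',   # Domain controller (placeholder)
    [ValidateSet('Client', 'CES')]
    [string]$Role    = 'Client'             # Which row source this machine represents
)

# Port matrix copied from the list and table on this page.
$matrix = @(
    [pscustomobject]@{ From = 'Client'; Target = $CesHost; Port = 443; Service = 'HTTPS enrollment' }
    [pscustomobject]@{ From = 'Client'; Target = $CaHost;  Port = 80;  Service = 'CRL over HTTP' }
    [pscustomobject]@{ From = 'Client'; Target = $CaHost;  Port = 135; Service = 'RPC endpoint mapper' }
    [pscustomobject]@{ From = 'CES';    Target = $DcHost;  Port = 464; Service = 'Kerberos (as listed)' }
    [pscustomobject]@{ From = 'CES';    Target = $DcHost;  Port = 389; Service = 'LDAP' }
    [pscustomobject]@{ From = 'CES';    Target = $DcHost;  Port = 636; Service = 'LDAPS' }
    [pscustomobject]@{ From = 'CES';    Target = $CaHost;  Port = 135; Service = 'RPC endpoint mapper' }
)

# Probe only the rows whose source matches the role of this machine.
$results = foreach ($row in ($matrix | Where-Object { $_.From -eq $Role })) {
    $probe = Test-NetConnection -ComputerName $row.Target -Port $row.Port `
                                -WarningAction SilentlyContinue
    [pscustomobject]@{
        Target  = $row.Target
        Port    = $row.Port
        Service = $row.Service
        Open    = $probe.TcpTestSucceeded
    }
}

$results | Format-Table -AutoSize

# The dynamic RPC ports (49152 to 65535) are assigned per session, so they are
# not probed one by one; a successful enrollment is the real test for that range.
$blocked = @($results | Where-Object { -not $_.Open })
if ($blocked.Count -gt 0) {
    Write-Warning ("{0} required flow(s) blocked" -f $blocked.Count)
    exit 1
}
```

Run it once on a client with `-Role Client` and once on the enrollment web server with `-Role CES`; a non-zero exit code means at least one listed flow is still blocked.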