Solving the "All Open" Rule Problem for Acquiring a Machine Certificate from an Enterprise CA

Stefaan Pouseele posted a great blog entry this week on how to configure the Enterprise CA to answer certificate requests on a fixed TCP port, so that a machine behind the ISA Firewall can enroll against an online Enterprise CA without an “All Open” rule between the ISA Firewall and the CA. The “All Open” rule is normally needed because the CA’s RPC/DCOM interface is assigned a dynamic port at each start; pinning it to a static port lets you allow just that port. Stefaan points out that there are basically four steps:

  • On the CA, configure the RPC application or DCOM endpoint to use a custom TCP protocol port as a static port.
  • On the ISA, turn off the “Enable strict RPC compliance” setting on the RPC access rule.
  • On the ISA, create the custom protocol for outbound use.
  • On the ISA, create an access rule to allow the custom protocol between the required source and destination.

For the details on how to carry out the configuration, check out Stefaan’s blog at:

http://blogs.isaserver.org/pouseele/2007/10/12/certificate-enrollment-requires-a-custom-protocol/
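
Step 1 of the four above is the only one done in the registry rather than in a console, so here is an added PowerShell example of it, written for this post and not taken from Stefaan’s article or from Microsoft. It assumes a placeholder AppID GUID (look up the real “CertSrv Request” AppID under DCOM Config in dcomcnfg on your CA), a constructed port number, and that steps 2 to 4 are then completed in the ISA management console as Stefaan describes.

```powershell
# Pin the CA's DCOM endpoint to a static TCP port, restart Certificate
# Services, and verify that something is now listening on that port.
# Run in an elevated PowerShell session on the CA itself.

$AppId      = '{00000000-0000-0000-0000-000000000000}'  # PLACEHOLDER: replace with the CertSrv Request AppID from dcomcnfg
$StaticPort = 5000                                      # constructed example; choose any free port and reuse it in the ISA custom protocol
$Key        = "HKLM:\SOFTWARE\Classes\AppID\$AppId"

if (-not (Test-Path $Key)) {
    throw "AppID key $Key not found - check the GUID in dcomcnfg before continuing."
}

# DCOM reads the Endpoints value (REG_MULTI_SZ) as "protseq,flags,endpoint".
# ncacn_ip_tcp = RPC over TCP/IP; flags 0 = plain endpoint; endpoint = the port.
Set-ItemProperty -Path $Key -Name 'Endpoints' `
    -Value @("ncacn_ip_tcp,0,$StaticPort") -Type MultiString

# The new endpoint is only registered when the CA service starts.
Restart-Service -Name CertSvc

# Check: a LISTENING entry on the static port should now appear.
# If nothing is shown, the CA is still on a dynamic port and the ISA
# access rule for $StaticPort will not be enough on its own.
netstat -ano -p tcp | Select-String ":$StaticPort\s"
```

Note that clients still reach the RPC endpoint mapper on TCP 135 first, which is why Stefaan’s step 2 adjusts the existing RPC access rule rather than replacing it.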

HTH,

Tom

Thomas W Shinder, M.D.
Site: http://www.isaserver.org/

Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7

Email: [email protected]

MVP — Microsoft Firewalls (ISA)
