Solving the "All Open" Rule Problem for Acquiring a Machine Certificate from an Enterprise CA
Stefaan Pouseele posted a great blog entry this week on how to configure the Enterprise CA to use a specific port, so that a request can be made to an online Enterprise CA without having to create an "All Open" rule between the ISA Firewall and the CA. Stefaan points out that there are basically four steps:
- On the CA, configure the RPC application or DCOM endpoint to use a custom TCP protocol port as a static port.
- On the ISA, turn off the “Enable strict RPC compliance” setting on the RPC access rule.
- On the ISA, create the custom protocol for outbound use.
- On the ISA, create an access rule to allow the custom protocol between the required source and destination.
For the details on how to carry out the config, check out Stefaan's blog at: