All versions of Venafi Director, TrustAuthority & TrustForce
Here is a list of ports that you need to successfully operate the Venafi environment.
For successful startup and login of the Venafi application these ports need to be open:
- To log in through the web-based administration (WEBADMIN) console, you need to open either port 80 for HTTP or port 443 for HTTPS.
- For the Director (up to version 15.2) logging server, you need port 689 open.
- For successful discovery of certificates via any of the Venafi agents, you need port 443 open.
- To connect to an Oracle database, use port 1521.
- To connect to an MS SQL database (version 2008 or 2012), use port 1433.
- Active Directory connector port information can be found here
- The port at which the Venafi agents check in with the Venafi server, using REST API, is 443.
- To communicate with the Microsoft Certificate Authority service and IIS, we use the Microsoft Distributed Component Object Model (DCOM), which uses port 135.
- Microsoft RPC ports must be open to the target system (135 and 49152-65535/tcp by default; these can be constrained per Microsoft KB154596). Note: the IIS6 driver leverages Microsoft RPC.
- SSH is frequently used to communicate to and manage applications via port 22.
- SCP (used to send reports) uses SSH on port 22.
- FTP (used to send reports) uses port 21.
- SNMP and SMTP services are employed when needed, using ports 161 and 25 respectively.
- http://<IP address of the host>/VEDAdmin/Login.aspx.
IIS 7 starts its default web site before any other sites on the server, whereas IIS 6 started the default web site last. Because of this startup order, you must disable the IIS 7 default web site or change its port assignment. Otherwise, when IIS 7 is restarted after installing the Venafi Trust Protection Platform Certificate Manager product, the Venafi web server cannot start.
TIP: Finding out what port is being used for what:
You can use one of the commands below to determine which ports are open. The Certificate Manager service is called vplatform.exe and the logging service is called logservice.exe.
1: netstat -a (simple results printed to the command-line window)
2: netstat -nabo > netstat.txt (names the service running on each port and writes the output to a text file)
3: TCPView, from Sysinternals, is also a good Windows tool for viewing active ports. It also lets you sort by PID (process), which enables you to kill all connections from, say, vplatform.exe.
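The following is an added example, not Venafi code: it parses the netstat.txt produced by command 2 and reports which process holds the server's inbound ports 80, 443 and 689. The sample output, the PIDs and the function names are constructed for illustration, and English-language netstat output is assumed.

```python
import re

# Inbound ports from the list above that the Venafi server itself listens on.
SERVER_PORTS = (80, 443, 689)

# Constructed sample of `netstat -nabo` output; PIDs and addresses are made up.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
 Can not obtain ownership information
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  RpcSs
 [svchost.exe]
  TCP    0.0.0.0:689            0.0.0.0:0              LISTENING       2340
 [logservice.exe]
  TCP    10.0.0.5:689           10.0.0.9:51122         ESTABLISHED     2340
 [logservice.exe]
  TCP    [::]:80                [::]:0                 LISTENING       4
 Can not obtain ownership information
"""

ROW = re.compile(r"^\s*(?:TCP|UDP)\s")
LISTEN = re.compile(r"^\s*TCP\s+\S+:(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")
IMAGE = re.compile(r"^\s*\[(.+)\]\s*$")

def parse_listeners(text):
    """Map each listening TCP port to (pid, image); image is None when
    netstat prints 'Can not obtain ownership information' (e.g. PID 4)."""
    listeners, port = {}, None
    for line in text.splitlines():
        if ROW.match(line):
            hit = LISTEN.match(line)
            port = int(hit.group(1)) if hit else None
            if hit:
                listeners.setdefault(port, (int(hit.group(2)), None))
        elif port is not None and IMAGE.match(line):
            # The [image.exe] line belongs to the connection row above it.
            listeners[port] = (listeners[port][0], IMAGE.match(line).group(1).lower())
            port = None
    return listeners

def server_port_owners(text, ports=SERVER_PORTS):
    """Return {port: (pid, image) or None} for the Venafi server ports."""
    found = parse_listeners(text)
    return {p: found.get(p) for p in ports}

if __name__ == "__main__":
    for p, owner in server_port_owners(SAMPLE).items():
        print(p, owner or "not listening")
```

A listener owned by PID 4 with no image name is held by the Windows HTTP stack (HTTP.sys) on behalf of IIS, so netstat alone cannot show which IIS site has bound port 80 or 443; check the site bindings in IIS Manager when investigating the default web site conflict.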