Updated on 2022-04-02 GMT+08:00

Configuring a Port

Context

  • In the multi-tenant deployment scenario, you need to contact the administrator to configure a port.
  • For details about the port description, see Table 1.
    Table 1 Port parameters

    Protocol

    Port

    Description

    CMP

    26801

    HTTP port. After the port is enabled, you can use the CMP to apply for a certificate.

    NOTE:

    HTTPS is more secure than HTTP. Therefore, you are advised to select HTTPS (One-way authentication or Two-way authentication) when configuring CMP.

    26802

    One-way TLS authentication port. When the CMP is used to apply for a certificate, the client needs to authenticate the CA server.

    26803

    Two-way TLS authentication port. When the CMP is used to apply for a certificate, the client and CA server must authenticate each other.

    Privacy CA protocol

    26805

    One-way TLS authentication port. When the privacy CA protocol is used to apply for a certificate through this port, the client needs to authenticate the CA server.

Procedure

  1. Choose System > About > Certificate Authority Service from the main menu.
  2. Choose Global Configuration > Port Management from the navigation tree on the left.
  3. Enable or disable a port as required.

    • Click Enable to enable the port.
    • Click Disable to disable the port.
    • After the port is disabled and the HiSecLiteCA service is restarted, the certificate cannot be applied for through the port. Exercise caution when performing this operation.
    • Actual status indicates the real status of the port on the CA server. If Enable is displayed, the port is enabled and can be used to apply for a certificate. If Disable is displayed, the port is disabled and cannot be used to apply for a certificate.
    • Configured status indicates the required status of the port. If Enable is displayed, the port needs to be enabled. If Disable is displayed, the port needs to be disabled. After the service is restarted, the system port of the CA server is enabled or disabled based on the port's configured status and TLS certificate configuration.

Follow-up Procedure

Restarting the Certificate Authority Service

After enabling or disabling a port, you need to restart the HiSecLiteCA service on the PowerEcho for the port configuration to take effect. For detailed operations, see "Stopping Product Services" and "Starting Product Services" in the Administrator Guide.

After enabling the TLS one-way or two-way authentication port, you need to configure the corresponding TLS certificate and restart the HiSecLiteCA service on the PowerEcho for the port configuration to take effect.

Related Tasks

Querying the port status

On the Global Configuration > Port Management page, you can view the current status of a port in the Actual Status column.