Network and Firewall Requirements

CERTINext requires specific network configurations to enable communication between Bots, servers, Certificate Authorities, and external systems.

Network Communication Model

Bot ↔ CERTINext Platform (HTTPS)
Bot ↔ Target Servers (SSH/SMB/API)
CERTINext ↔ CA Providers (API calls)

Required Ports

Component

Protocol

Port

Direction

Purpose

Bot → CERTINext

HTTPS

443

Outbound

API communication

Bot → Linux Servers

SSH

Outbound

Remote deployment

Bot → Windows Servers

SMB

445

Outbound

File transfer

Bot → Web Servers

TCP

443 / Custom

Outbound

Certificate scan

Bot → F5 / APIs

HTTPS

443

Outbound

Load balancer integration

CERTINext → CA

HTTPS

443

Outbound

Certificate issuance

Required Hostnames

Service

Description

certinext.io

CERTINext platform access

api.certinext.io

API communication

CA endpoints

emSign, DigiCert, emCA APIs

Firewall Requirements

Allow outbound HTTPS (443) from Bot
Allow inbound SSH/SMB from Bot to servers
Ensure DNS resolution for all endpoints
Avoid SSL inspection for CA communication

Best Practices

Use dedicated Bot servers
Restrict access using IP whitelisting
Monitor network latency and connectivity
Ensure high availability for production

PreviousSupported Platforms for Deployment NextHigh Availability and Disaster Recovery

Last updated 1 month ago