
Hi Team,

Wanted to know why port 80 has been used for *.digicert.com and *.digicertcdn. Also, why do we need to open an inbound port for *.digicert.com?

Thanks,

Shoaib

Shoaib,

Our apologies, that was a copy/paste error, but a great catch on your part! The Automox agent does not require any inbound connections and we have corrected the documentation.

With regards to the outbound port 80 question, that is because OCSP uses port 80 as an industry standard. The CRLs are already cryptographically signed, so an interception attack would not be able to manipulate the contents. Wrapping the connection in TLS doesn’t change that fact and DigiCert chooses not to use it for that reason.

Sincerely,

Jason
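
The integrity property described in the reply above, as an added example that is not part of the thread and is not Automox or DigiCert code: a CRL that is altered after signing fails verification against the CA certificate, whatever transport carried it. The CA name, file names and function names are constructed for the demonstration, the CA is a throwaway one created with the `openssl` CLI, and nothing is fetched from the network.

```shell
#!/bin/sh
# Added example: constructed throwaway CA and CRL, all files live in a temp dir.

# Create a test CA and an (empty) CRL signed by it, DER-encoded, in directory $1.
make_signed_crl() {
  ( cd "$1" || exit 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
      -subj "/CN=Constructed Test CA" -keyout ca.key -out ca.pem 2>/dev/null || exit 1
    : > index.txt                      # empty CA database: no revoked certs
    echo 01 > crlnumber
    printf '%s\n' '[ ca ]' 'default_ca = test_ca' '[ test_ca ]' \
      'database = index.txt' 'crlnumber = crlnumber' \
      'default_md = sha256' 'default_crl_days = 1' > ca.cnf
    openssl ca -gencrl -config ca.cnf -cert ca.pem -keyfile ca.key \
      -out crl.pem 2>/dev/null || exit 1
    openssl crl -in crl.pem -outform DER -out crl.der )
}

# Simulate modification in transit: flip one bit in the last byte of file $1
# (for a DER CRL that byte belongs to the signature value).
flip_last_byte() {
  size=$(wc -c < "$1")
  old=$(od -An -tu1 -j $((size - 1)) -N1 "$1" | tr -d ' ')
  new=$(( old ^ 1 ))
  printf "\\$(printf '%03o' "$new")" |
    dd of="$1" bs=1 seek=$((size - 1)) conv=notrunc 2>/dev/null
}

# Succeeds only if the CRL ($2) carries a valid signature from the CA cert ($1).
crl_is_authentic() {
  openssl crl -inform DER -in "$2" -CAfile "$1" -noout 2>&1 | grep -q 'verify OK'
}

# Check the CRL as issued and again after tampering; prints both verdicts.
check_crl_integrity() {
  dir=$(mktemp -d) || return 1
  make_signed_crl "$dir" || { rm -rf "$dir"; return 1; }
  crl_is_authentic "$dir/ca.pem" "$dir/crl.der" && a=accepted || a=rejected
  flip_last_byte "$dir/crl.der"
  crl_is_authentic "$dir/ca.pem" "$dir/crl.der" && b=accepted || b=rejected
  rm -rf "$dir"
  echo "intact=$a tampered=$b"
}
```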


JasonK,

Thanks for the confirmation!

