Question

Why do we need to open port 80 all inbound/outbound for *.digicert.com

  • 5 November 2023
  • 2 replies
  • 102 views


Hi Team,

Wanted to know why port 80 has been used for *.digicert.com and *.digicertcdn. Also, why do we need to open an inbound port for *.digicert.com?

Thanks,

Shoaib


2 replies

Shoaib,

Our apologies, that was a copy/paste error, but a great catch on your part! The Automox agent does not require any inbound connections and we have corrected the documentation.

With regards to the outbound port 80 question, that is because OCSP uses port 80 as an industry standard. The CRLs are already cryptographically signed, so an interception attack would not be able to manipulate the contents. Wrapping the connection in TLS doesn’t change that fact and DigiCert chooses not to use it for that reason.

Sincerely,

Jason
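
The point made in the reply above, that a CRL fetched over plain HTTP is still tamper-evident because the CA signs it, shown as an added example (not part of the original thread, and not Automox or DigiCert code). It uses the Python `cryptography` package with a constructed throwaway CA and serial number; `build_sample_crl`, `check_revocation` and `tamper` are hypothetical helper names, and no network access is involved.

```python
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

REVOKED_SERIAL = 0x1122334455667788  # constructed sample serial number


def build_sample_crl():
    """Return (ca_public_key, crl_der) signed by a constructed throwaway CA."""
    ca_key = ec.generate_private_key(ec.SECP256R1())
    issuer = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Example Test CA")])
    issued = datetime.datetime(2023, 11, 5)
    revoked = (
        x509.RevokedCertificateBuilder()
        .serial_number(REVOKED_SERIAL)
        .revocation_date(issued)
        .build()
    )
    crl = (
        x509.CertificateRevocationListBuilder()
        .issuer_name(issuer)
        .last_update(issued)
        .next_update(issued + datetime.timedelta(days=7))
        .add_revoked_certificate(revoked)
        .sign(ca_key, hashes.SHA256())
    )
    return ca_key.public_key(), crl.public_bytes(serialization.Encoding.DER)


def check_revocation(crl_der, ca_public_key, serial):
    """Return True/False for revoked status, or None if the CRL is rejected."""
    try:
        crl = x509.load_der_x509_crl(crl_der)
    except ValueError:
        return None  # bytes no longer parse as a CRL
    if not crl.is_signature_valid(ca_public_key):
        return None  # content changed after the CA signed it, or wrong issuer
    return crl.get_revoked_certificate_by_serial_number(serial) is not None


def tamper(crl_der):
    """Simulate modification in transit: change the last byte of the listed serial."""
    original = REVOKED_SERIAL.to_bytes(8, "big")
    altered = original[:-1] + b"\x89"
    return crl_der.replace(original, altered, 1)
```

The signature covers integrity only: the plain-HTTP fetch is still visible on the wire and can be blocked, so the client's behaviour when no valid CRL arrives remains a separate policy decision.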


JasonK,

Thanks for the confirmation!
