The following network requirements apply to all Windows devices in an Active Directory forest.
Devices do not need a connection to the Windows domain to enroll for certificates. When the requirements below are met, domain-joined devices can enroll for certificates even when they are not connected to the same network as the Windows domain.
Device outbound access to the Entrust WSTEP service
Grant any device access to Entrust PKIaaS.
EU region
wstep.eu.pkiaas.entrust.com
US region
wstep.pkiaas.entrust.com
Target port | Protocol | Application |
---|---|---|
443 | TCP | HTTPS |
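
To confirm from a device that this outbound rule is in place, the following PowerShell check opens TCP 443 to the regional WSTEP host and completes a TLS handshake. It is an added example, not Entrust tooling: the hostnames and port come from this page, while the function name, timeout, output fields and the use of TLS 1.2 are assumptions.

```powershell
# Added example. Hostnames and port are from this page; the function name,
# timeout, output fields and TLS 1.2 setting are assumptions for illustration.
$WstepHosts = @{
    EU = 'wstep.eu.pkiaas.entrust.com'
    US = 'wstep.pkiaas.entrust.com'
}

function Test-WstepReachability {
    param(
        [Parameter(Mandatory)] [string]$HostName,
        [int]$Port = 443,
        [int]$TimeoutMs = 5000
    )
    $r = [ordered]@{
        Host = $HostName; Port = $Port; TcpOpen = $false; TlsOk = $false
        CertSubject = $null; CertIssuer = $null; CertNotAfter = $null; Error = $null
    }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Bounded wait: a firewall that silently drops packets must not hang the check.
        $connect = $client.ConnectAsync($HostName, $Port)
        if (-not $connect.Wait($TimeoutMs)) { throw "TCP connect timed out after $TimeoutMs ms" }
        $r.TcpOpen = $client.Connected

        # Default certificate validation stays on, so an untrusted chain or a
        # host name mismatch fails the handshake instead of being ignored.
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
        $tls12 = [System.Security.Authentication.SslProtocols]::Tls12
        $ssl.AuthenticateAsClient($HostName, $null, $tls12, $false)
        $r.TlsOk = $true

        # Record who issued the certificate the device actually received.
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $r.CertSubject  = $cert.Subject
        $r.CertIssuer   = $cert.Issuer
        $r.CertNotAfter = $cert.NotAfter
    }
    catch {
        $r.Error = $_.Exception.GetBaseException().Message
    }
    finally {
        $client.Close()   # also closes the network stream under the SslStream
    }
    [pscustomobject]$r
}

# Check the endpoint for the region in use (US chosen here as a sample).
Test-WstepReachability -HostName $WstepHosts['US'] | Format-List
```

`TcpOpen` false points to a blocked port or DNS failure, while `TcpOpen` true with `TlsOk` false points to a device between the client and the service altering the TLS session; `CertIssuer` shows which CA issued the certificate that was presented.
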
Device outbound access to the Entrust certificate validation services
Grant any device access to the following Entrust certificate validation services:
Target port | Protocol | Application | Target service |
---|---|---|---|
80 | TCP | HTTP | |
80 | TCP | HTTP | |