CMS Ports
Chapter 11 Setting Up Ports 361

Agent Port

The agent port is an SSL (encrypted) port at which Certificate Management System listens to requests from agents; agents make these requests from the appropriate Agent Services interface.

• The Certificate Manager and Registration Manager agents use the agent port to process certificate issuance and management requests from end entities and to perform certain other privileged operations over HTTPS.
• Data Recovery Manager agents use the agent port for recovering end users’ encryption private keys over HTTPS.

Agent functions always require SSL client authentication. For a brief list of supported agent operations, see “Agent Services Interface” on page 68.

When you install Certificate Management System, it assigns a random number (greater than 1024) as the agent port number and prompts you to change it, if necessary; the port number can be any number between 1 and 65535. The number you choose for the agent port affects your agent users—all agents access Certificate Management System by specifying the name of the server (the CMS instance) and the agent port number in the URL. For example, if you choose port number 4430, the URL would look like this:

https://:4430/

is in the form .. is a prefix identifying the subsystem that hosts the agent interface: ca for the Certificate Manager, ra for the Registration Manager, kra for the Data Recovery Manager, and ocsp for Online Certificate Status Manager.

For example, the URL to a Certificate Manager agent interface would look like this:

https://demoCA.example.com:5600/ca

If you change the agent port number, be sure to inform your agent users.

End-Entity Ports

For requests from end entities, Certificate Management System can listen to two ports, an SSL (encrypted) port and a non-SSL port. End entities make these requests from the end entity services interface; see “End-Entity Services Interface” on page 72.

Certificate Management System provides the following services through the HTTP and HTTPS ports: