Participant Technical Reference Manual - IESO
2. Participant Workstation, Network & Security IMO_MAN_0024

Access is transparently handled via HTTPS through IESO portal servers, as all certificate management communication (except for creation and recovery) is proxied through the IESO to Verizon / Cybertrust. The IESO administers all IP address configuration for the Certification Authority systems used with the Portal. Therefore no changes are required on the part of the Market Participant for portal PKI capability to handle the Verizon Cybertrust data center move; only the IESO needs to make the required changes on its servers.

Portal Sandbox/Production Environments for Replacement Verizon CA Servers – starting early March 2010

Cybertrust Production System CA Manager Domain - version 7.2
Domain name = ccica2.idm.cybertrust.com
Access is transparently handled via HTTPS through IESO portal servers, as all certificate management communication (except for creation and recovery) is proxied through the IESO to Verizon / Cybertrust. The IESO administers all IP address configuration for the Certification Authority systems used with the Portal. Therefore no changes are required on the part of the Market Participant for portal PKI capability to handle the Verizon Cybertrust data center move; only the IESO needs to make the required changes on its servers.
Ports

174 Port 443 must be open to allow access over SSL (Secure Sockets Layer). Market participants with firewalls must have this port open for communication with the IESO systems and its Certification Authority.
175 Port 389 must be open to allow access to the IESO's Certification Authority's LDAP Servers (Directory Server Domain) for the MPI. For the IESO Portal's TruePass component, all CA directory communications are instead routed through the IESO systems via port 443 (HTTPS/SSL), so TruePass users do not need port 389 open. The LDAP Servers contain the following and more:
Certificate Revocation Lists (CRLs)
The CA's credentials
The policy certificates
The attribute certificates (if applicable)
User Certificates
Market participants with firewalls must have this port open for communication with the IESO Certification Authority.
176 Port 829 must be open to allow access to the identified Certification Authority Manager (CA Manager Domain) systems. Market participants with firewalls must have this port open, for the specific IP addresses/domains only, for communication with the IESO CA using the Certificate Management Protocol (CMP). This provides for automatic or manual updating of certificate files upon imminent expiry of certificate keys. Automatic certificate updates will be processed by the MPI (Market Participant Graphical User Interface) or MIM API, and manual updates can be accomplished with the CLS. For the IESO Portal's TruePass component all CA management communications are routed through
52 Public Issue 21.1 – March 15, 2010 - estimated
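The three firewall requirements in paragraphs 174 to 176 (443 to the portal and CA, 389 to the CA directory for MPI clients, 829 to the CA Manager domain for CMP) lend themselves to a scripted check before a cut-over such as the Verizon/Cybertrust data center move. The following is an added example and is not IESO or Verizon/Cybertrust code: it encodes the port list from this section, probes each entry with a plain TCP connect, reports which are blocked for a given client kind, and renders the matching outbound allow-list as iptables commands. Only ccica2.idm.cybertrust.com is named on this page; the portal and LDAP hostnames, the client-kind labels "MPI" and "TruePass", and all function names are placeholders and assumptions of this example.

```python
"""Egress check for the IESO PKI ports (443, 389, 829) listed in this section.

Added example, not IESO or Verizon/Cybertrust code. Only ccica2.idm.cybertrust.com
appears on the page; the other hostnames are placeholders (assumption).
"""
import socket
from dataclasses import dataclass
from typing import Callable, List, Tuple


@dataclass(frozen=True)
class PortRequirement:
    host: str
    port: int
    purpose: str
    needed_by: str  # "all", or "MPI" for rules the TruePass portal client does not need


# Port list as stated in the manual. Hosts other than the CA Manager domain are
# placeholders (assumption); substitute the addresses the IESO publishes.
REQUIREMENTS: List[PortRequirement] = [
    PortRequirement("portal.ieso.example", 443,
                    "HTTPS to IESO portal servers and proxied CA traffic", "all"),
    PortRequirement("directory.ca.example", 389,
                    "LDAP to CA Directory Server Domain (CRLs, CA and user certificates)", "MPI"),
    PortRequirement("ccica2.idm.cybertrust.com", 829,
                    "CMP to CA Manager Domain for certificate/key update", "MPI"),
]

Probe = Callable[[str, int], bool]


def tcp_reachable(host: str, port: int, timeout: float = 3.0) -> bool:
    """True when a TCP handshake completes: the firewall permits the egress and
    something is listening. A refusal or a timeout is reported as unreachable."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def applicable(reqs: List[PortRequirement], client_kind: str) -> List[PortRequirement]:
    """Rules a given client needs: TruePass users only need 443, because the IESO
    proxies directory (389) and CA management (829) traffic for them."""
    return [r for r in reqs if r.needed_by == "all" or r.needed_by == client_kind]


def missing_rules(reqs: List[PortRequirement], client_kind: str = "MPI",
                  probe: Probe = tcp_reachable) -> List[PortRequirement]:
    """Applicable requirements that the probe could not reach."""
    return [r for r in applicable(reqs, client_kind) if not probe(r.host, r.port)]


def iptables_egress_rules(reqs: List[PortRequirement], client_kind: str = "MPI") -> List[str]:
    """Render the outbound allow-list as iptables commands, one per (host, port).
    iptables resolves a hostname once, when the rule is inserted, so re-apply the
    rules whenever the IESO or Verizon/Cybertrust changes the published addresses."""
    return [
        f"iptables -A OUTPUT -p tcp -d {r.host} --dport {r.port} "
        f"-m comment --comment '{r.purpose}' -j ACCEPT"
        for r in applicable(reqs, client_kind)
    ]


def selfcheck_probe() -> Tuple[bool, bool]:
    """Exercise tcp_reachable offline: open a local listener (reachable), then close
    it (connection refused). Returns (result_while_listening, result_after_close)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    while_listening = tcp_reachable("127.0.0.1", port, timeout=2.0)
    listener.close()
    after_close = tcp_reachable("127.0.0.1", port, timeout=2.0)
    return while_listening, after_close


if __name__ == "__main__":
    kind = "MPI"  # use "TruePass" for a portal-only workstation
    print("probe self-check (expect (True, False)):", selfcheck_probe())
    blocked = missing_rules(REQUIREMENTS, kind)
    for r in blocked:
        print(f"BLOCKED {r.host}:{r.port} - {r.purpose}")
    if not blocked:
        print("all required ports reachable")
    print("\n".join(iptables_egress_rules(REQUIREMENTS, kind)))
```

A TCP connect only proves that the path and the listener exist; it says nothing about whether the far end presents the expected CA certificate, so follow a successful probe with the actual MPI or CLS certificate operation. The `probe` parameter exists so the reachability logic can be exercised with a stub (as in an automated test) without touching the production CA hosts.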