HOW-TO Use port numbers and domain name for STM

services

Version Date Sign Description

1.0 2019-01-09 MO

This HOW-TO explains how to establish the requirements for the firewall setting in front of a STM Service, and using domain name in relation to the domain set in certificates.

Internet

Recommended Port Usage for STM Service

Service

Service

URL=https://ip [443]

Incoming port interval:• 443 (default SSL)• 8000-8100• 8443

Service

:443

Service

:8000-8100

:8443

Service

:9000

Internet

Recommended Port Usage for STM Service

Service

Service

URL=https://ip [443]

Outgoing port interval:• 443 (default SSL)• 8000-8100• 8443

Service

:443

Service

:8000-8100

:8443

Service:9000

Domain nameThere are interoperability issues using IP-address for service, and therefore the requirement in STM is that the domain shall be properly registered and registered in DNS.

The server certificate contains field for the domain where the service is located. This must be a domain name and not an IP address.

• CN=Common Name

• SAN=Subject Alternative Name (RFC 2818)

Example:

The URL to the service is https://smavis.stmvalidation.eu/stmvalidation

The CN=smavis.stmvalidation.eu

Ref https://support.dnsimple.com/articles/what-is-common-name/#common-name-vs-subject-alternative-name