Table of Contents

Workstation HW & OS Requirements

Hardware and software has changed significantly since CeRTNA's original launch in 2008. Since that time the CeRTNA ERDS application environment is transitioning from a simple web client application to a more sophisticated thick client application named APEX.

Hardware Requirements

The following workstation specifications are designed to satisfy the requirements for running APEX and are current as of May 10, 2025:

  • Processor: Intel i5 or greater
  • Memory: 16 GB Minimum / 32 GB Recommended
  • Disk Storage: 100 GB Recommended (Depends on your environment. See note.)
  • USB Port: Available USB 2.0 port (See note.)
  • Network Adapter: 100 Mbps or higher.

Notes:

  • The SafeNet eToken requires a USB 2.0 or 3.0 style port. USB-C adapters are not supported.
  • CeRTNA exchanges files with the recording vendor software using a Windows folder. This folder can be either a local folder on the local hard drive of the workstation, for example the C: drive, or it can be a shared network folder, for example \\your_server\shared_folder\. If you use a network share, the CeRTNA ERDS workstation will need to have network access to the shared folder or UNC path where the CeRTNA ERDS XML transactions will be accessed for submissions, stored upon retrieval, and or picked up for return. Please refer to the section Folder Structure in the Workstation Installation Guide for a description of how the standard CeRTNA ERDS folder structure should be created.
  • In most cases, the Disk Storage requirements for CeRTNA are minimal. The XML files that are submitted by an agent or returned by a county are moved to a PROCESSED subfolder and APEX automatically keeps the subfolder cleaned up based on a “Number of days to keep files” setting in CeRTNA's agent and/or county configuration record. The current default setting for the “Number of days to keep files” is 45. The larger that number is, the more storage space that will be used. Allocating 100 GB of storage space will most likely cover any storage requirements needed by APEX.
  • If you will be using a standalone workstation, you will need a security cabinet for your ERDS workstation. You can click this link to see a security cabinet that CeRTNA recommends.
  • If you will be submitting transactions, you may need to acquire a scanner and scanning software. The brand of scanner/software is left up to the submitter, however, any scanner/software selected needs to be able to produce, black & white, CCITT T.6 (Group4-Compressed), 300 dpi, TIFF image files.

Operating System Requirements

CeRTNA will certify and support the CeRTNA ERDS software (APEX) and the required tools on the following Microsoft Windows platforms:

  • Windows 10 Professional (32-bit or 64-bit versions.)
  • Windows 11 Professional (64-bit version.)
  • Windows Server 2012 Standard/Enterprise (Installed as a VM.)
  • Windows Server 2019 Standard/Enterprise (Installed as a VM.)

Important: Home Editions of Microsoft Windows operating systems are not supported because they do now have support for Local Security Policy.

Firewall Considerations

APEX communicates using SSL port 443 (https) and some communications take place using port 80 (http). The following table contains a list of hosts that must be reachable in order for APEX to be installed or be used after the installation:

Host IP Address Description
dev-ws02.certna.org 204.246.133.236 APEX installation
apex-setup.certna.org 204.246.133.236 APEX installation
apex-prd.certna.org 204.246.133.237 APEX production ERDS web
apex-prd.certnag2g.org 209.170.199.196 APEX production G2G web
reports.certna.org 204.246.133.238 APEX production ERDS reports
reports.certnag2g.org 209.170.199.202 APEX production G2G reports
*.digicert.com * PKI certificates (Note 2)
*.ssl.com * Code Signing certificate (Note 2)
*.godaddy.com * SSL certificates (Note 2)

CeRTNA no longer interfaces with Entrust, therefore, the references to *.entrust.com and *.entrust.net shown above have been stricken out.

Note 1: CeRTNA recognizes that different firewalls are in service at our customers and that firewall features functions can vary broadly. CeRTNA prefers to minimize the amount of IT administrative support required by creating rules based on the following tolerance and/or capabilities of your firewall:

  1. Use wildcard domains if possible. (Ex: *.certna.org or *.certnag2g.org)
  2. Use host names if possible. (Ex: apex-prd.certna.org or reports.certna.org)
  3. Last resort, use IP addresses.

The preceding list is sorted in order of preference.

Note 2: Several digital certificates are used in support of CeRTNA/APEX, these include SSL certificates, PKI certificates for digital signatures, PKI certificates for encryption/decryption, and code-signing certificates. The CeRTNA APEX application uses core WCF & .NET functionality to verify that the PKI certifcates are still valid and have not expired. Further, during the APEX installation/update process, the code-signing certificate is validated. The lower level WCF & .NET API's communicate using port 80 for OCSP and CRL certificate validation functions. It is important that your firewall team take this into consideration.

Workstation Support

In addition to the locations listed above, there are some additional hosts that you also want to allow in order to facilitate the retrieval of Windows Updates and for CeRTNA remote support.

Host IP Address Description
*.microsoft.com * Top-level Microsoft domain, to avoid issues with Windows functionality. (Note 3)
*.update.microsoft.com * General Windows update domain.

Configuring the firewall rules for Windows Updates and other fundamental OS support, for example, virus definition files for Endpoint Protection or other 3rd party system management tools is the responsibility of your organizations IT staff. The information provided in the preceding table is here simply point out that there are additional URL's that may need to be accommodated beyond those that are required for APEX and/or CeRTNA functionality.

Note 3: Support for Teams meetings and screensharing is also required for remote support of the APEX software.