OCSR Access via FQDN

Prior software releases supported OCSR access only via IPv4 addresses and port numbers. In response to a DISA/DoD request, Release S-CX6.3F1 adds support for OCSR access via FQDNs. Since multiple public key infrastructure (PKI) elements capable of supporting OCSP requests can exist within a DISA/DoD environment, the Domain Name Service (DNS) lookup that resolves the FQDN can result in more than one OCSR IP address being returned to the Oracle® Enterprise Session Border Controller in its role of OCSP client. When processing a lookup that contains more than one IP address, the Oracle® Enterprise Session Border Controller uses a 
round-robin algorithm to select from the list of OCSR addresses.

OCSR Access via FQDN is available on all media interfaces and on the wancom0 administrative interface. Note that support for FQDN-based access is requires the configuration of DNS support.

If the realm attribute is configured in the certificate-status-profile configuration element, the required DNS query is issued on the corresponding network interface. This model requires configuration of the dns-ip-primary attribute, and optionally the dns-ip-backup1 and dns-ip-backup2 attributes for the realm’s network interface.

If the realm attribute is not configured in the certificate-status-profile, the required DNS query is issued on the wancom0 interface. This model requires configuration of the dns-ip-primary attribute, and optionally the dns-ip-backup1 and 
dns-ip-backup2 attributes for the wancom0 interface.

Access via an FQDN is supported by a new attribute (hostname) in the 
cert-status-profile configuration element.

The Oracle® Enterprise Session Border Controller allows configuration of both an OCSR IP address and port number (using the ip-address and port attributes) and an OCSR domain (using the hostname attribute).

In such cases the verify-config command issues a warning and notes that 
IP address-based access will be used.