2 Features

This chapter lists the added or updated features in release 23.4.x. For more information about the features, see Oracle Communications Cloud Native Core Certificate Management User Guide.

Release 23.4.4

There are no new features or enhancements in this release.

Release 23.4.3

There are no new features or enhancements in this release.

Release 23.4.2

There are no new features or enhancements in this release.

Release 23.4.1

There are no new features or enhancements in this release.

Release 23.4.0

The OCCM documentation has been updated with the following features:

  • Automated Certificate Management:

    Oracle Communications Certificate Management (OCCM) is an automated solution for managing the certificates needed for Oracle 5G Network Functions (NFs). OCCM constantly monitors and renews the certificates based on their validity or expiry period.

    OCCM integrates with one or more Certificate Authorities (CAs) using Certificate Management Protocol Version 2 (CMPv2), specified in RFC 4210, to facilitate these certificate management operations:

    • Operator-initiated certificate creation
    • Operator-initiated certificate recreation
    • Automatic certificate monitoring and renewal

    OCCM supports transport of CMPv2 messages over an HTTP-based protocol.

    OCCM provides the following mechanisms to establish initial trust between OCCM and CA(s):

    1. Certificate-based message signing
    2. Pre-shared key or MAC-based authentication

    All subsequent CMPv2 procedures are authenticated using the certificate-based mechanism in compliance with 3GPP TS 33.310.

    The keys and X.509 certificates are managed using Kubernetes secrets.

  • OCCM Deployment Models:

    OCCM provides the following deployment models to support certificate management for the integrated NF(s) instantiated within the same cluster:

    • Dedicated deployment model - OCCM resides in the same Kubernetes namespace as the NF or components.
    • Shared deployment model - OCCM is deployed in a separate Kubernetes namespace and can manage certificates of multiple NFs or components deployed in other Kubernetes namespaces.

    Appropriate permissions must be assigned to OCCM using Kubernetes Service Account, Role and Role Binding, based on the selected deployment model.

  • Console Support for OCCM Configuration:

    Console support for OCCM configuration is enabled. OCCM can be configured through the Console GUI or by invoking the REST API with a Console Access Token. The following OCCM GUI screens are supported in the Console:

    • Issuer Configuration
    • Certificate Configuration
    • Logging Configuration

  • Support for Kubernetes Network Policies:

    OCCM implements the Kubernetes Network Policies framework, which lets the user specify how a pod communicates with network entities. OCCM uses it to create the pod-level rules needed for its data flows and to manage Ingress and Egress traffic.

  • Support for OCCM Deployment Using Continuous Delivery Control Server (CDCS):

    In addition to OCCM's Command Line Interface (CLI) deployment method, OCCM can be deployed using the Continuous Delivery Control Server (CDCS), which is a centralized server that automates OCCM deployment processes such as downloading the OCCM package, installation, upgrade, and rollback. For more information about CDCS, see Oracle Communications Cloud Native Core CD Control Server User Guide. For information about OCCM deployment using CDCS, see the Overview section in Oracle Communications Cloud Native Core Certificate Management Installation, Upgrade, and Fault Recovery Guide.
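
The shared deployment model and its Service Account, Role and Role Binding requirement, described under OCCM Deployment Models above, sketched as an added example that is not taken from the Oracle documentation. The namespaces (`occm`, `nf-a`), object names and verb list are assumptions chosen for illustration.

```yaml
# Added illustration: every name below is hypothetical.
# Shared deployment model: OCCM runs in namespace "occm" and manages the
# key and certificate secrets of an NF deployed in namespace "nf-a".
apiVersion: v1
kind: ServiceAccount
metadata:
  name: occm-sa
  namespace: occm
---
# The Role lives in the NF namespace, so the grant covers that namespace only.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: occm-secret-manager
  namespace: nf-a
rules:
  - apiGroups: [""]
    resources: ["secrets"]
    # Assumed verb set for creating and renewing key/certificate secrets;
    # take the actual list from the OCCM installation guide.
    verbs: ["get", "create", "update", "patch"]
---
# The RoleBinding sits in the NF namespace and names the service account
# from the OCCM namespace as its subject.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: occm-secret-manager-binding
  namespace: nf-a
subjects:
  - kind: ServiceAccount
    name: occm-sa
    namespace: occm
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: occm-secret-manager
```

Repeating the Role and RoleBinding in each managed NF namespace keeps secret access scoped per namespace instead of granting it cluster-wide. In the dedicated model all three objects would share the NF's own namespace.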