P-Certificate-Subject-Common-Name to REGISTER Messages

Most enterprises use revocation servers to authenticate certificates when user equipment registers with the Oracle® Enterprise Session Border Controller. In high-security enterprises, such as government organizations, user equipment such as a cell phone may have a certificate installed. If the user equipment is stolen, for example, the thief could use it to register with the Oracle® Enterprise Session Border Controller and log on to the system before the certificate is revoked on the server.

The Oracle® Enterprise Session Border Controller allows you to enable or disable the addition of a User certificate in the incoming REGISTER message header. This provides an additional layer of security when the user equipment registers with the Oracle® Enterprise Session Border Controller. When the feature is enabled, the individual user certificate must match the user’s identity during Registration.

You can enable or disable this feature using the “verify-certificate-info-register” parameter under the existing enforcement-profile object in session-router in the ACLI. When the feature is enabled and a REGISTER message is encountered, the Oracle® Enterprise Session Border Controller adds the user certificate information to the message header. The header is then used in validating the Request-URI based on certificate information.

Configure the P-Certificate-Subject-Common-Name From the ACLI

Use the following procedure to configure the P-Certificate-Subject-Common-Name on the Oracle® Enterprise Session Border Controller (E-SBC).

To configure the P-Certificate-Subject-Common-Name:

  1. In Superuser mode, type configure terminal, and press Enter.
    ORACLE# configure terminal
    ORACLE(configure)#
  2. Type session-router, and press Enter.
    ORACLE(configure)# session-router
    ORACLE(session-router)#
  3. Type enforcement-profile, and press Enter.
    ORACLE(session-router)# enforcement-profile
    ORACLE(enforcement-profile)#
  4. add-certificate-info—Enter sub-common name for the certificate attribute names to enable TLS certificate information caching and the insertion of cached certificate information into customized SIP INVITEs. Default: blank. Valid values:
    • sub-common name

    • sub-alt-name-DNS

  5. certificate-ruri-check—Enable this parameter if you want the E-SBC to cache TLS certificate information and use it to validate Request-URIs. Enabling this parameter allows the E-SBC to cache the TLS certificate information in a customized SIP INVITE. Default: disabled. Valid values:
    • enabled

    • disabled

  6. verify-certificate-info-register—Select whether to allow the E-SBC to add certificate information to the header of a REGISTER message for verifying the Request-URI against certificate attributes. Default: disabled. Valid values:
    • enabled

    • disabled

  7. Type done, and press Enter.
    ORACLE(enforcement-profile)# done
    ORACLE(enforcement-profile)#
  8. Type exit, and press Enter.
    ORACLE(enforcement-profile)# exit
    ORACLE(session-router)#
  9. Save the configuration.
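
An added example, not Oracle code: a Python check that audits captured REGISTER messages for the P-Certificate-Subject-Common-Name header described above. It assumes the header value is the bare certificate common name and that a match means equality with the user part of the To URI; both rules, the function names and the sample messages are constructed for illustration.

```python
import re

HEADER = "p-certificate-subject-common-name"

def parse_headers(raw):
    """Return (request_line, [(name_lower, value), ...]) from a raw SIP message."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    headers = []
    for line in lines[1:]:
        if line[:1] in (" ", "\t") and headers:      # folded continuation line
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
        elif ":" in line:
            name, value = line.split(":", 1)
            headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers

def aor_user(value):
    """Extract the user part of the sip:/sips: URI in a To header value."""
    m = re.search(r"sips?:([^@;>\s]+)@", value, re.I)
    return m.group(1).lower() if m else None

def audit_register(raw):
    """Classify one message: ok, missing, ambiguous, mismatch or not-register."""
    request_line, headers = parse_headers(raw)
    if not request_line.upper().startswith("REGISTER "):
        return "not-register"
    cns = [v for n, v in headers if n == HEADER]
    to = [v for n, v in headers if n in ("to", "t")]   # "t" is the compact form
    if not cns:
        return "missing"        # certificate information was not added
    if len(cns) > 1 or len(to) != 1:
        return "ambiguous"      # more than one value: cannot tell which to trust
    user = aor_user(to[0])
    return "ok" if user is not None and cns[0].strip().lower() == user else "mismatch"

def sample(to_user, cn_values):
    """Build a constructed REGISTER (not a real capture) for the checks below."""
    lines = ["REGISTER sip:registrar.example.com SIP/2.0",
             "To: <sip:%s@example.com>" % to_user,
             "From: <sip:%s@example.com>;tag=1" % to_user,
             "Call-ID: constructed-1", "CSeq: 1 REGISTER"]
    lines += ["P-Certificate-Subject-Common-Name: %s" % cn for cn in cn_values]
    return "\r\n".join(lines) + "\r\n\r\n"

if __name__ == "__main__":
    for cns in (["alice"], ["bob"], [], ["alice", "bob"]):
        print(cns, audit_register(sample("alice", cns)))
```

The "ambiguous" result covers a REGISTER that carries the header more than once, which an auditor should review rather than accept on the first value.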