feat: Switch OCSP configuration to use domain names

- Update OCSP URL in certificate generation from IP to domain name
- Add OCSP hostname to docker-compose network configuration
- Document useful hosts file entries in README.md

The changes make it easier to test OCSP locally with clients by using domain names that can be mapped in host files.

federation/README.md

@@ -48,6 +48,20 @@ XMPP 2 hosts the following MUC rooms:
 * `muc3`
 * `muc4`
 
+## Hosts file entries
+To access the XMPP servers and (optional) OCSP responder from your local machine you should 
+add entries to your hosts file:
+
+```
+127.0.0.1 xmpp.localhost.example
+127.0.0.1 xmpp1.localhost.example
+127.0.0.1 xmpp2.localhost.example
+127.0.0.1 xmpp3.localhost.example
+127.0.0.1 ocsp.localhost.example
+```
+
+This helps when testing with various clients and tools.
+
 ## Network
 
 The Docker compose file defines a custom bridge network with a single subnet of `172.50.0.0/24`
@@ -154,6 +168,7 @@ All certificates are stored in `./_data/certs/`.
 This setup allows certificates to be checked for revocation status making a request to the 
 OCSP responder:
 ```bash
+```bash
 openssl ocsp -url http://localhost:8888 \
   -issuer _data/certs/ca/intermediate-ca/intermediate.crt \
   -CAfile _data/certs/chain1.pem \

federation/docker-compose-network-ipv4-only.yml

@@ -19,6 +19,7 @@ services:
       - "conference.xmpp1.localhost.example:172.50.0.10"
       - "xmpp2.localhost.example:172.50.0.20"
       - "conference.xmpp2.localhost.example:172.50.0.20"
+      - "ocsp.localhost.example:172.50.0.30"
 
   xmpp2:
     networks:
@@ -29,6 +30,7 @@ services:
       - "conference.xmpp1.localhost.example:172.50.0.10"
       - "xmpp2.localhost.example:172.50.0.20"
       - "conference.xmpp2.localhost.example:172.50.0.20"
+      - "ocsp.localhost.example:172.50.0.30"
 
 networks:
   openfire-federated-net:

federation/docker-compose-ocsp-responder.yml

@@ -15,11 +15,11 @@ services:
   #
   # Test Certificate Status:
   # ----------------------
-  # openssl ocsp -url http://localhost:8888 \
+  # openssl ocsp -url http://ocsp.localhost.example:8888 \
   #   -issuer _data/certs/ca/intermediate-ca/intermediate.crt \
   #   -CAfile _data/certs/chain1.pem \
   #   -cert _data/certs/server1.crt \
-  #   -text   # Adds human-readable output
+  #   -text
   ocsp-responder:
     image: alpine:latest
     volumes:

federation/scripts/generate-certificates.sh

@@ -2,7 +2,7 @@
 
 # OCSP server configuration
 # Defines where the OCSP responder will be accessible in the Docker network
-OCSP_URL="http://172.50.0.30:8888"
+OCSP_URL="http://ocsp.localhost.example:8888"
 
 # Base directory for all certificate-related files
 # All paths in this script will be relative to this directory