Delete Certificate
Source: OCPP 1.6 Security Whitepaper Edition 2 (2020-03-31) — Use Case M04 (Delete a specific certificate from a Charge Point), Sections 5.3 / 5.4 (Messages)
Overview
To facilitate the management of the Charge Point's installed certificates, the Central System can request the Charge Point to delete a specific installed certificate by sending a DeleteCertificate.req. The Charge Point identifies the target certificate by its hash data (CertificateHashDataType) and responds with DeleteCertificate.conf.
Behavioural rules:
- Deletion of the Charge Point Certificate itself SHALL NOT be possible via DeleteCertificate.req.
- The CP SHALL reject deletion of a CentralSystemRootCertificate that is currently in use for validating the connection to the Central System (status = Failed).
- It is possible to delete every installed CentralSystemRootCertificate. If they are all deleted, the CP can no longer validate Central System certificates and will be unable to connect.
- It is possible to delete every installed ManufacturerRootCertificate. If they are all deleted, no signed firmware can be installed.
- When deleting a certificate, the Central System SHALL use the hashAlgorithm that was used when the certificate was installed.
Sequence Diagram
Figure 9. Delete Installed Certificate
Central System ──── DeleteCertificate.req ────▶ Charge Point
(certificateHashData)
Central System ◀─── DeleteCertificate.conf ──── Charge Point
(status)
Initiator
Central System → Charge Point
Fields
DeleteCertificate.req
| Field Name | Field Type | Card. | Description |
|---|---|---|---|
| certificateHashData | CertificateHashDataType | 1..1 | Required. Indicates the certificate of which deletion is requested. |

DeleteCertificate.conf
| Field Name | Field Type | Card. | Description |
|---|---|---|---|
| status | DeleteCertificateStatusEnumType | 1..1 | Required. Charge Point indicates if it can process the request. |
CertificateHashDataType
| Field | Type | Card. | Description |
|---|---|---|---|
| hashAlgorithm | HashAlgorithmEnumType | 1..1 | Used algorithm for the hashes provided. |
| issuerNameHash | identifierString [0..128] | 1..1 | Hashed value of the IssuerName. |
| issuerKeyHash | identifierString [0..128] | 1..1 | Hashed value of the issuer's public key. |
| serialNumber | string [0..40] | 1..1 | The serial number of the certificate. |
DeleteCertificateStatusEnumType values
- Accepted — Normal successful completion (no errors).
- Failed — Processing failure.
- NotFound — Requested resource not found.
HashAlgorithmEnumType values
SHA256, SHA384, SHA512.
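
The behavioural rules above, written out as Charge Point-side decision logic. This is an added illustration, not code from the whitepaper or from any OCPP implementation. `CertStore`, its `install`/`delete` methods, the `use` labels and the choice of Failed for a Charge Point Certificate deletion attempt are assumptions; the page only states that such a deletion is not possible.

```python
from dataclasses import dataclass

HASH_ALGORITHMS = {"SHA256", "SHA384", "SHA512"}  # HashAlgorithmEnumType

@dataclass(frozen=True)
class HashData:  # mirrors CertificateHashDataType
    hashAlgorithm: str
    issuerNameHash: str
    issuerKeyHash: str
    serialNumber: str

def parse_hash_data(payload: dict) -> HashData:
    """Validate a DeleteCertificate.req payload against the field limits in the tables."""
    d = payload["certificateHashData"]
    hd = HashData(**{f: d[f] for f in HashData.__dataclass_fields__})
    if not all(isinstance(v, str) for v in vars(hd).values()):
        raise ValueError("all certificateHashData fields must be strings")
    if hd.hashAlgorithm not in HASH_ALGORITHMS:
        raise ValueError("unknown hashAlgorithm")
    if len(hd.issuerNameHash) > 128 or len(hd.issuerKeyHash) > 128:
        raise ValueError("hash longer than 128 characters")
    if len(hd.serialNumber) > 40:
        raise ValueError("serialNumber longer than 40 characters")
    return hd

class CertStore:
    """Hypothetical store keyed by the hash data computed when a certificate was installed."""
    def __init__(self):
        self.entries = {}        # HashData -> certificate use (label is an assumption)
        self.in_use_root = None  # root currently validating the Central System connection

    def install(self, hd: HashData, use: str) -> None:
        self.entries[hd] = use

    def delete(self, payload: dict) -> dict:
        hd = parse_hash_data(payload)
        use = self.entries.get(hd)
        if use is None:
            # Also reached when hashAlgorithm differs from the one used at install.
            return {"status": "NotFound"}
        if use == "ChargePointCertificate":
            return {"status": "Failed"}  # assumption: the page names no status for this case
        if use == "CentralSystemRootCertificate" and hd == self.in_use_root:
            return {"status": "Failed"}  # in-use root: deletion rejected per the rules
        del self.entries[hd]
        return {"status": "Accepted"}
```

Because lookup compares all four fields, a request that names the right certificate with a different hashAlgorithm resolves to NotFound instead of deleting anything.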
Examples
Request (DeleteCertificate.req):
{
  "certificateHashData": {
    "hashAlgorithm": "SHA256",
    "issuerNameHash": "3d2e6c9f...e1",
    "issuerKeyHash": "9aa1b6f3...22",
    "serialNumber": "0a1b2c3d4e5f"
  }
}

Response (DeleteCertificate.conf):
{
  "status": "Accepted"
}

Schema
Source: schemas/DeleteCertificate.json, schemas/DeleteCertificateResponse.json (OCPP 1.6 Security Whitepaper, JSON Schema draft-06)