Get Installed Certificate Ids

Source: OCPP 1.6 Security Whitepaper Edition 2 (2020-03-31) — Use Case M03 (Retrieve list of available certificates from a Charge Point), Sections 5.7 / 5.8 (Messages)

Overview

To facilitate the management of the Charge Point's installed certificates, the Central System can request the Charge Point to send a list of installed certificates of a given type by sending a GetInstalledCertificateIds.req. The Charge Point computes hashes for each matching certificate and returns them in GetInstalledCertificateIds.conf.

If no certificate of the requested type is found, the CP SHALL return status = NotFound. Otherwise it returns status = Accepted and includes the hash data for each matching certificate.

Sequence Diagram

Figure 8. Retrieve list of available certificates from a Charge Point

Central System  ──── GetInstalledCertificateIds.req ────▶  Charge Point
                     (certificateType)
                                                            Compute hashes and list
                                                            matching certificates
Central System  ◀─── GetInstalledCertificateIds.conf ────  Charge Point
                     (status, certificateHashData[]?)

Initiator

Central System → Charge Point

Fields

Field Name	Field Type	Card.	Description
certificateType	CertificateUseEnumType	1..1	Required. Indicates the type of certificates requested.

Field Name	Field Type	Card.	Description
status	GetInstalledCertificateStatusEnumType	1..1	Required. Charge Point indicates if it can process the request.
certificateHashData	CertificateHashDataType	0..*	Optional. The Charge Point includes the certificate information for each available certificate.

CertificateUseEnumType values

CentralSystemRootCertificate — Root certificate, used by the CA to sign Central System and Charge Point certificates.
ManufacturerRootCertificate — Root certificate for verification of the Manufacturer certificate.

GetInstalledCertificateStatusEnumType values

Accepted — Normal successful completion (no errors).
NotFound — Requested certificate not found.

Examples

{
  "certificateType": "CentralSystemRootCertificate"
}

{
  "status": "Accepted",
  "certificateHashData": [
    {
      "hashAlgorithm": "SHA256",
      "issuerNameHash": "3d2e6c9f...e1",
      "issuerKeyHash": "9aa1b6f3...22",
      "serialNumber": "0a1b2c3d4e5f"
    }
  ]
}

Schema

Source: schemas/GetInstalledCertificateIds.json, schemas/GetInstalledCertificateIdsResponse.json (OCPP 1.6 Security Whitepaper, JSON Schema draft-06)

Request schema (JSON Schema)

Response schema (JSON Schema)