Sign Certificate

Source: OCPP 2.0.1 Part 2 — Specification (Edition 2, 2022-12-15) — Section 1.58 (Messages); Use Cases A02 — Update Charging Station Certificate by request of CSMS, A03 — Update Charging Station Certificate initiated by the Charging Station (Functional Block A. Security)

Overview

The Charging Station sends SignCertificateRequest to ask the CSMS (and ultimately the Certificate Authority) to sign its public key into a certificate. The public key is delivered as a Certificate Signing Request (CSR) per RFC 2986, PEM-encoded.

In OCPP 2.0.1 the CS may explicitly indicate the type of certificate to sign via certificateType:

ChargingStationCertificate — The CS-to-CSMS TLS client certificate.
V2GCertificate — The ISO 15118 V2G client certificate.

When omitted, the certificate is to be used for both the 15118 connection (if implemented) and the CS-to-CSMS connection.

The CSMS responds with SignCertificateResponse(status) indicating whether it can process the request. The signed certificate is delivered later via CertificateSigned (CSMS → CS) — in OCPP 2.0.1 that response includes a matching certificateType field.

Sequence Diagram

Charging Station  ──── SignCertificateRequest ────▶  CSMS  ────▶ CA
                       (csr, certificateType?)
Charging Station  ◀─── SignCertificateResponse ────  CSMS
                       (status, statusInfo?)
                                                     (later)
Charging Station  ◀─── CertificateSignedRequest ────  CSMS
                       (certificateChain, certificateType?)

Initiator

Charging Station → CSMS

Fields

Field Name	Field Type	Card.	Description
csr	string [0..5500]	1..1	Required. PEM-encoded CSR (RFC 2986).
certificateType	CertificateSigningUseEnumType	0..1	Optional. Type of certificate to be signed. When omitted, the certificate is for both 15118 and CS-to-CSMS.

CertificateSigningUseEnumType values

ChargingStationCertificate — Certificate for the CS-to-CSMS TLS connection.
V2GCertificate — Certificate for the ISO 15118 V2G connection.

GenericStatusEnumType values

Accepted, Rejected.

Examples

{
  "csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIIC...\n-----END CERTIFICATE REQUEST-----",
  "certificateType": "ChargingStationCertificate"
}

{
  "status": "Accepted"
}

Schema

Source: schemas/SignCertificateRequest.json, schemas/SignCertificateResponse.json (OCPP 2.0.1 FINAL)

Request schema (JSON Schema)

Response schema (JSON Schema)

Field Name	Field Type	Card.	Description
status	GenericStatusEnumType	1..1	Required. Whether the CSMS can process the request.
statusInfo	StatusInfoType	0..1	Optional. Detailed status information.