Four types of certificates of OCPP protocol

The Open Charge Point Protocol (OCPP) utilizes four main types of certificates to ensure the security and interoperability of charging infrastructure. These certificates play crucial roles in maintaining the safety and reliability of electric vehicle charging systems.

Four types of certificates of OCPP protocol

CSMS Certificate

The Charging Station Management System (CSMS) certificate is used for authenticating the central system management server. This certificate ensures secure communication between charging stations and the backend management system. CSMS certificates typically contain the following key information:

  • Organization (O) field: Filled with the Charge Station Operator (CSO) name
  • Common Name (CN) field: Contains the fully qualified domain name of the server

Charging Station Certificate

The charging station certificate is used to verify the identity of the charging station. This is crucial for establishing a trust relationship between the charging station and the central management system. Charging station certificates usually require periodic updates to maintain ongoing security and validity.

Firmware Signature Certificate

The firmware signature certificate is used to verify the authenticity of firmware updates. This certificate ensures that only authorized and verified firmware can be installed on charging stations, thereby preventing potential security threats.

SECC Certificate

The Supply Equipment Communication Controller (SECC) certificate is used for authenticating the supply equipment communication controller. This certificate plays an important role in ensuring secure communication between charging equipment and vehicles.

OCPP Security Configurations

The security aspect of OCPP 2.0.1 protocol is based on TLS and X.509 certificate public key encryption technology. Depending on security requirements, OCPP supports three security profiles:

  1. No TLS: No encryption is used.
  2. TLS with server certificate: Only server identity is verified.
  3. TLS with client-side certificates: Two-way verification, more secure, effectively prevents man-in-the-middle attacks.

For charging stations, it’s important to regularly update client certificates according to platform requirements and issue trusted and valid client certificates for intermediaries through the cloud platform. On the server side, self-signed certificates or certificates signed by official Certificate Authorities (CAs) can be imported.

By implementing these certificates and security measures, the OCPP protocol ensures the security, reliability, and interoperability of charging infrastructure, providing electric vehicle users with a safe and reliable charging experience.

admin