Skip to content
Documentation Menu

TC_083_CSMS — Upgrade Charge Point Security Profile - Accepted

TC_083_CSMS — Upgrade Charge Point Security Profile - Accepted

Source: OCPP 1.6 — Compliancy Testing Tool — Test Case Document (Trial 2025-06, Draft). System Under Test: Central System, page 191.

Identification

FieldValue
Test case nameUpgrade Charge Point Security Profile - Accepted
Test case IdTC_083_CSMS
System under testCentral System

Description

The Central System can upgrade the connection using a higher Security Profile, the Central System can send a new value for the SecurityProfile Configuration key.

Purpose

To verify if the Central System is able to upgrade the Charge Point to a higher security profile than currently configured.

Prerequisite(s)

  • Next to security profile 2, also security profile 1 and/or 3 must be supported.
  • Security profile must be set to 1 or 2.

Before (Preparations)

Configuration State(s):

  • N/a

Memory State(s):

  • N/a

Reusable State(s):

  • N/a

Scenario Detail(s)

  • N/a

Tool validation(s)

Charge Point side:

Step 2:

(Message: ChangeConfiguration.conf)

  • status should be Accepted

Step 4:

(Message: Reset.conf)

  • status should be Accepted

Step 9:

(Message: StatusNotification.req)

  • status should be Available

Central System side:

Step 1:

(Message: ChangeConfiguration.req)

  • key is SecurityProfile
  • value is <One level higher than the configured security profile>

Step 3:

(Message: Reset.req)

  • type is Hard

Step 8:

(Message: BootNotification.conf)

  • status is Accepted

Step 12:

When upgrading a Charge Point to a higher security profile, a Central System has several options regarding which endpoint to use. This affects the way the Central System is able to detect it needs to reject the incoming connection attempt. In case of having upgraded from security profile 2 to 3, but there is an incoming connection attempt using security profile 2: When the same endpoint is used, then it depends on the Central System endpoint configuration.

  • When the Central System does a full switch and only allows TLS handshakes when a client certificate is provided, then the TLS handshake is rejected.
  • When the Central System only requires this Charge Point to use a client certificate, then it accepts the TLS handshake (because it will be unable to detect which Charge Point is connecting) and it rejects the HTTP request to establish the WebSocket connection. When a different port or a whole different endpoint is used for the upgrade, then on the original endpoint the Central System accepts the TLS handshake and it rejects the HTTP request to establish the WebSocket connection (because this Charge Point is not allowed to connect with security profile 2 anymore). In case of security profile 1, the case is always the same. The Central System shall always reject the HTTP request to establish the WebSocket connection, because TLS is required for this Charge Point.

Expected result(s) / behaviour

Charge Point side:

The Charge Point and the Central System are connected.

Central System side:

  • N/a