Skip to content
Documentation Menu

TC_086_CS — TLS - server-side certificate - Valid certificate

TC_086_CS — TLS - server-side certificate - Valid certificate

Source: OCPP 1.6 — Compliancy Testing Tool — Test Case Document (Trial 2025-06, Draft). System Under Test: Charge Point, page 109.

Identification

FieldValue
Test case nameTLS - server-side certificate - Valid certificate
Test case IdTC_086_CS
System under testCharge Point

Description

The Central System uses a server-side certificate to identify itself to the Charge Point, when using security profile 2 or 3.

Purpose

To verify whether the Charge Point is able to receive a server certificate provided by the Central System and setup a secured WebSocket connection.

Prerequisite(s)

The Charge Point supports security profile 2 and/or 3.

Before (Preparations)

Configuration State(s):

  • N/a

Memory State(s):

  • N/a

Reusable State(s):

  • N/a

Scenario Detail(s)

  • N/a

Tool validation(s)

Charge Point side:

Step 2:

The OCTT validates the following before sending the server certificate:

  • The Charge Point must use TLS version 1.2 or above At least the following set of cipher suites must be supported: (TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 AND TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384) OR (TLS_RSA_WITH_AES_128_GCM_SHA256 AND TLS_RSA_WITH_AES_256_GCM_SHA384)

Step 5:

The authorization header of the HTTP upgrade request must be formatted as follows: AUTHORIZATION: Basic <Base64 encoded(<ChargePointId>:<Configured AuthorizationKey>)>

  • The ChargePointId, must equal the ChargePointId provided at the end of the connection url string of the HTTP request.
  • Hex encoded representation of the authorization key must consist of minimum 20 and maximum 40 characters.
  • The authorization key must consist of minimum 16 characters. Post scenario validations: N/a

Central System side:

  • N/a

Expected result(s) / behaviour

Charge Point side:

  • N/a

Central System side:

  • N/a