As a PKI provider, verifying the identity associated with the Common Name is a critical part of the certificate issuance process.
To ensure a smooth and secure certificate signing experience, we require that Common Names be registered in our certificate authority. This registration process is essential as it allows us to conduct thorough checks and validation, ensuring that certificates are only issued to the rightful owners. If a Common Name is not registered in our certificate authority, the request for signing a certificate may be denied, thus maintaining a robust security posture.
We adhere to ISO requirements, which dictate that different roles must have specific IDs attached to their Common Names. The first components of these IDs are attached to the credential used to access the endpoints, so it needs to be set beforehand:
Mobile Operators (MO) are identified by their EMAID (Entity Mobile Application Identifier). The first five characters of the Common Name represent the country code and provider ID its attached to the credential.
Charge Point Operators (CPO) are distinguished by their EVSE/SECC ID (Electric Vehicle Supply Equipment/Smart Energy Code Company). The first five characters of the Common Name represent the country code and operator ID its attached to the credential.
Original Equipment Manufacturers (OEM) are identified by their PCID (Part Catalogue Identifier). The first three characters of the Common Name represent the WMI (World Manufacturer Identifier) of the manufacturer its attached to the credential.
Typically, during the initial onboarding process, the credentials are configured, incorporating the aforementioned components. However, it is crucial to keep us informed in the event of any changes or additions to the ProviderID, OperatorID, or WMI. This ensures that we can promptly update the used credentials and avoid potential blockages of certificate signing requests.
Our Registration Authority endpoints have been purposefully implemented to streamline the registration process. With these endpoints, users can easily register, verify, and manage their EVSE/SECC IDs. This user friendly approach enhances the overall experience and simplifies certificate management, ensuring secure and efficient deployment for all stakeholders.
By adhering to these rigorous identity verification processes and implementing user friendly tools, we strive to maintain the highest standards of security and user satisfaction as a trusted PKI provider.
In total five interfaces are available for the process:
This endpoint allows registration of the common names at the Hubject PKI Gateway for a specific role by passing the common names in a array of string objects.
Four attributes are required in the body of the call:
- commonName (Required): commonName which needs to be registered;
manufacture (Required): Manufacture of the EVSE or EVCC, e.g. Alpitronic, ABB, Trithium etc;
deviceName (Required): Model of the EVSE or EVCC, e.g. for EVSE: HYC300;
deviceSWVersion (Required): version of the software install in the EVSE or EVCC;
With a successful response you will receive the following attributes:
- id: id of the register in the database;
- commonName: commonName which was registered;
- registeredDate: date when the ID was registered;
- userName: Name of the credential responsible for the registration;
- ca: Relevant certificate authority for the role CPO, MO, OEM, CPS;
- stage: QA or PROD;
- manufacture: Given manufacture of the EVSE or EVCC;
- deviceName: Given Model of the EVSE or EVCC;
- deviceSWVersion: Given software version of the EVSE or EVCC;
This endpoint is used to list all common names (PCID, EMAID, SECCID) and their information registered in the Hubject PKI Gateway for a specific client.
This endpoint is used to check if a common name (PCID, EMAID, SECCID) is registered in the Hubject PKI Gateway.
By passing the common name as a parameter, the user can check if the common name is registered and receive the register information.
This endpoint is used to delete a common name (e.g. PCID,EMAID, SECCID) from the Hubject PKI Gateway for a specific role by passing the common names as a parameter.
This endpoint is used to list all common names (PCID, EMAID, SECCID) and their information registered in the Hubject PKI Gateway for a specific client using a pagination format.
The interface above mentioned can be found in the Postman collection available here.