SignCertificate
Sent by the Charging Station to request the CSMS to sign a certificate signing request (CSR) for the station's TLS certificate or V2G certificate.
Quick Reference
Required Fields
csr string(5500) The PEM-encoded Certificate Signing Request
certificateType CertificateSigningUseEnumType Type of certificate: ChargingStationCertificate or V2GCertificate
Example Payload
{
"csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIIBmTCCAQICAQAwWTELMAkGA1UEBhMCREUx...\n-----END CERTIFICATE REQUEST-----",
"certificateType": "ChargingStationCertificate"
}Example Full Frame
[
2,
"msg-001",
"SignCertificate",
{
"csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIIBmTCCAQICAQAwWTELMAkGA1UEBhMCREUx...\n-----END CERTIFICATE REQUEST-----",
"certificateType": "ChargingStationCertificate"
}
]
Format: [MessageType, MessageId, Action, Payload]
Overview
SignCertificate is part of OCPP 2.0.1’s built-in security. The Charging Station generates a CSR and sends it to the CSMS, which forwards it to a CA (Certificate Authority). The signed certificate is returned via CertificateSigned.
When to Send
- During initial provisioning to get the station’s TLS certificate
- When the TLS certificate is about to expire
- To obtain a V2G certificate for ISO 15118 Plug & Charge
Expected Response
status:AcceptedorRejected
The actual signed certificate arrives via CertificateSigned.
Usage Notes
ChargingStationCertificate: Used for the OCPP WebSocket TLS connectionV2GCertificate: Used for ISO 15118 Vehicle-to-Grid communication- The CSMS may forward the CSR to an external CA — delivery of the signed certificate may be delayed
Testing Tips
- Generate a real CSR with OpenSSL and test the full signing flow
- Verify the signed certificate arrives via
CertificateSignedwith the correct type
Common Errors
PropertyConstraintViolation
Cause: csr exceeds 5500 characters
Solution: Keep the PEM-encoded CSR under 5500 characters
TypeConstraintViolation
Cause: certificateType uses an unsupported value
Solution: Use ChargingStationCertificate or V2GCertificate