RSEs use this service to request new application certificates. After the initial certificate is requested, subsequent certificates are NOT automatically provisioned.
PORT | 8892 |
---|---|
PATH | /provision-application-certificate |
HTTP Method | POST |
HTTP Request Body | ASN.1 serialized SecuredAppCertProvisioningRequest |
HTTP Response Body | ASN.1 serialized SignedAppCertProvisioningAck with a requestHash property containing the lower 8 bytes of the request hash. This value will identify this device for the download of the requested certificate. The reply property contains a PseudonymCertProvisioningAck with a certDLTime property containing the expected time for download of the requested certificate and a certDLURL property containing the URL where the certificate can be downloaded. |
Preconditions
- Policy referenced in the request message is previously known
- EE is not revoked
Postconditions
None.
Error Handling
See "RA-EE Errors" in Overview of Used Error Codes
Quality of Service
For the PoC, the volume for this interface is 50,000 RSEs. This is not expected to have a significant impact on system throughput requirements.
Quality of Protection
- RA protects access with HTTPS (TLS V1.2)
- Supports at a minimum OpenSSL cipher suite ECDHE-ECDSA-AES128-SHA256
- Uses certificate-based client authentication of data signed by the device enrollment certificate, validated at the application layer. This is a supplement to the one-way TLS authentication, to provide two-way authentication with a TLS/1609.2 hybrid scheme.
- Incoming message is encrypted (within the ASN.1 message structure) with the RA Component certificate public key.
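
The transport settings and the requestHash check described above, as an added client-side sketch (not code from the SCMS project). It submits an already serialized, signed and encrypted request over server-authenticated TLS 1.2 and confirms that the acknowledgement refers to that request. Assumptions: the request hash is SHA-256 over the serialized request body, "lower 8 bytes" means the last 8 bytes of the digest, the Content-Type value and all function names are illustrative, and ASN.1 decoding of the ack is left to the caller.

```python
import hashlib
import hmac
import http.client
import ssl

RA_PORT = 8892
RA_PATH = "/provision-application-certificate"
RA_CIPHER = "ECDHE-ECDSA-AES128-SHA256"  # minimum suite named on this page


def ra_tls_context(ca_file=None):
    """One-way (server-authenticated) TLS 1.2 context for the RA.

    No TLS client certificate is loaded: the device is authenticated at the
    application layer by the enrollment-certificate signature in the request.
    """
    ctx = ssl.create_default_context(cafile=ca_file)  # verifies chain and hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(RA_CIPHER)  # raises ssl.SSLError if the suite is unavailable
    return ctx


def request_hash8(request_bytes):
    """Lower 8 bytes of the request hash (assumed SHA-256, low-order bytes)."""
    return hashlib.sha256(request_bytes).digest()[-8:]


def ack_matches_request(request_bytes, ack_request_hash):
    """True only if the ack's requestHash identifies the request we sent."""
    if len(ack_request_hash) != 8:
        return False
    return hmac.compare_digest(request_hash8(request_bytes), ack_request_hash)


def submit_request(ra_host, request_bytes, ca_file=None, timeout=30):
    """POST the serialized request and return the raw serialized ack body."""
    conn = http.client.HTTPSConnection(
        ra_host, RA_PORT, timeout=timeout, context=ra_tls_context(ca_file))
    try:
        # Content-Type is an assumption; the page does not specify one.
        conn.request("POST", RA_PATH, body=request_bytes,
                     headers={"Content-Type": "application/octet-stream"})
        resp = conn.getresponse()
        body = resp.read()
        if resp.status != 200:
            raise RuntimeError(f"RA returned HTTP {resp.status}")
        return body
    finally:
        conn.close()
```

Keep the 8-byte value from `request_hash8` with the pending request: per the table above, it is what identifies the device when the certificate is later downloaded from certDLURL.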