OBEs use this service to request the new identification certificates. After the initial batch is requested, subsequent batches are automatically provisioned.
| PORT | 8892 |
|---|---|
| PATH | /provision-identity-certificate |
| HTTP Method | POST |
HTTP Request Body | ASN.1 serialized SecuredIdCertProvisioningRequest |
| HTTP Response Body | ASN.1 serialized SignedIdCertProvisioningAck with a requestHash property containing the lower 8 bytes of the request hash. This value will identify this device from this point on, and it is to be used in subsequent download calls. The reply property contains a PseudonymCertProvisioningAck with a certDLTime property containing the expected time for download of the requested certificate and a certDLURL property containing the URL where the certificate can be downloaded. |
Preconditions
- Policy referenced in the request message is previously known
- EE is not revoked
Postconditions
None.
Error Handling
See "RA-EE Errors" in Overview of Used Error Codes
Quality of Protection
- RA protects access with HTTPS (TLS V1.2)
- Supports at a minimum OpenSSL cipher suite ECDHE-ECDSA-AES128-SHA256
- Uses certificate-based client authentication of data signed by the device enrollment certificate, validated at the application layer. This is a supplement to the one-way TLS authentication, to provide two-way authentication with a TLS/1609.2 hybrid scheme.