V2G certificate profiles

PKIaaS provides the following V2G (Vehicle-to-Grid) certificate profiles

  • v2g-supply-equipment

  • v2g-user-identity

These profiles support the following features.

V2G use cases

All V2G profiles support the following use cases.

ECS Enterprise UI

CA Gateway API

Entrust-hosted Enrollment Gateway

On-prem Enrollment Gateway

images/s/by4ula/8804/47zayh/_/images/icons/emoticons/check.svg

images/s/by4ula/8804/47zayh/_/images/icons/emoticons/check.svg

images/s/by4ula/8804/47zayh/_/images/icons/emoticons/error.svg

images/s/by4ula/8804/47zayh/_/images/icons/emoticons/error.svg

V2G key usages and validity periods

See below the Key Usage, Extended Key Usage (EKU), and certificate validity period each profile supports.

Profile

Key Usage

Extended Key Usage

Validity period

v2g-supply-equipment

Digital Signature, Key Agreement

TLS server authentication (1.3.6.1.5.5.7.3.1)

1 year

v2g-user-identity

Digital Signature, Non-Repudiation

2 year

V2G certificate fields

All V2G profiles set the following certificate fields.

Field

Value

Issuer

The customer's subordinate issuing-CA

Subject

No constraint

V2G certificate extensions

All V2G profiles set the following certificate extensions.

Extension

Critical

Value

AIA

No

Supplied if the customer enables OCSP when creating the CA

Authority Key Identifier

No

Matches subjectKeyIdentifier of the signing certificate

Basic Constraints

Yes

cA =False

CRL Distribution Points

No

Always present

Subject Alternative Name

No

No constraints

Subject Key Identifier

No

«The leftmost 160-bits of the SHA-256 hash of the value of the BIT STRING subjectPublicKey» as described in RFC 7093 section 2

V2G algorithm constraints

All V2G profiles support the following key and signature algorithms.

Key algorithm

Signature algorithm

ECDSA P-256

ecdsa-with-SHA256

ECDSA P-384

ecdsa-with-SHA384

ECDSA P-521

ecdsa-with-SHA512

RSA 2048

sha256WithRSAEncryption

RSA 3072

sha256WithRSAEncryption

RSA 4096

sha512WithRSAEncryption

V2G distinguished names

PKIaaS has no restriction on Distinguished Names (DNs) per certificate profile. All certificate profiles support the following identifiers.

Alias

OID

'CN' 'CommonName'

2.5.4.3

'SN' 'SurName'

2.5.4.4

'SERIALNUMBER' 'DeviceSerialNumber'

2.5.4.5

'C' 'Country'

2.5.4.6

'L' 'Locality'

2.5.4.7

'ST' 'S' 'State'

2.5.4.8

'STREET' 'StreetAddress'

2.5.4.9

'O' 'Org' 'Organization'

2.5.4.10

'OU' 'OrganizationalUnit' 'OrganizationUnit' 'OrgUnit'

2.5.4.11

'T' 'Title'

2.5.4.12

'BUSINESSCATEGORY'

2.5.4.15

'POSTALCODE'

2.5.4.17

'givenName' 'G'

2.5.4.42

'I' 'Initials'

2.5.4.43

'ORGANIZATIONIDENTIFIER'

2.5.4.97

'UID'

0.9.2342.19200300.100.1.1

'DC' 'DomainComponent'

0.9.2342.19200300.100.1.25

'Email' 'E'

1.2.840.113549.1.9.1

'unstructuredName'

1.2.840.113549.1.9.2

'unstructuredAddress'

1.2.840.113549.1.9.8

'JurisdictionOfIncorporationLocalityName'

1.3.6.1.4.1.311.60.2.1.1

'JurisdictionOfIncorporationStateOrProvinceName'

1.3.6.1.4.1.311.60.2.1.2

'JurisdictionOfIncorporationCountryName'

1.3.6.1.4.1.311.60.2.1.3

'TrademarkOfficeName'

1.3.6.1.4.1.53087.1.2

'TrademarkCountryOrRegionName'

1.3.6.1.4.1.53087.1.3

'TrademarkRegistration'

1.3.6.1.4.1.53087.1.4

'LegalEntityIdentifier'

1.3.6.1.4.1.53087.1.5

'WordMark'

1.3.6.1.4.1.53087.1.6

'MarkType'

1.3.6.1.4.1.53087.1.13

'StatuteCountryName'

1.3.6.1.4.1.53087.3.2

'StatuteStateOrProvinceName'

1.3.6.1.4.1.53087.3.3

'StatuteLocalityName'

1.3.6.1.4.1.53087.3.4

'StatuteCitation'

1.3.6.1.4.1.53087.3.5

'StatuteURL'

1.3.6.1.4.1.53087.3.6