PKI API (1.0)

PKI services API.

SimpleEnrollCert

The EST interface receives CSRs from CPOs, eMSPs, OEMs, and CPSs, signs them, and delivers an ISO 15118 leaf certificate. The PKI Gateway/Certificate Manager creates the leaf certificates from the Sub 2 CA of the respective role. This interface can create leaf certificates for CPOs (SECC Certificate), eMSPs (Contract Certificate), OEMs (Provisioning Certificate), and CPSs (Provisioning Signing Certificates). The EST interface is a standard implementation of the protocol described in RFC 7030.

path Parameters
algorithm
string
Default: "secp256r1"
Enum: "secp256r1" "secp521r1" "ed448"
Example: secp521r1

Defines the algorithm for the PKI which shall be used.

query Parameters
caDomain
required
string (caDomainParamV1) ^(\w+-)?(emsp|cpo|oem|cps|veh)$
Enum: "emsp" "cpo" "oem" "cps" "veh"
Example: caDomain=emsp

The domain of the subCA the certificate is requested from.

iso15118Version
required
string (iso15118VersionParamV1)
Default: "ISO15118-2"
Enum: "ISO15118-20" "ISO15118-2"
Example: iso15118Version=ISO15118-20

The ISO version which shall be used. If not set, ISO15118-2 will be used as default.

header Parameters
OPNC-from-party-type
string
Enum: "emsp" "cpo" "oem" "pki" "cps" "pcp" "ccp"

Specifies the type of party that originated this request.

OPNC-from-party-id
string

Specifies the ID of the party that originated this request. The ID format depends on the type of the party (WMI for OEM, ProviderID for EMSP, OperatorID for CPO, SHA-256 fingerprint of Root CA for PKI or CPS).

OPNC-to-party-type
string
Enum: "emsp" "cpo" "oem" "pki" "cps" "pcp" "ccp"

Specifies the type of party to which this request should be addressed.

OPNC-to-party-id
string

Specifies the party ID to which this request should be addressed. The ID format depends on the type of the party (WMI for OEM, ProviderID for EMSP, OperatorID for CPO, SHA-256 fingerprint of Root CA for PKI or CPS).

Request Body schema: application/pkcs10

The body is the base64-encoded CSR (Certificate Signing Request).

+++Requirements for EVSE Leafs+++

When the {ca} path parameter is cpo, the CSR CommonName must match the regex ^[A-Za-z]{2}[\*]?\w{3}[\*]?[E][\w\*]{1,30}$.

Where EVSEID = <Country Code> <S> <EVSE Operator ID> <S> <ID Type> <Power Outlet ID>

Country Code = 2 ALPHA (two alphanumeric characters)

EVSE Operator ID = 3 (ALPHA / DIGIT) (three alphanumeric characters, defined and listed by eMI3 group)

ID Type = “E” (one character “E” indicating that this ID represents an “EVSE”)

Power Outlet ID = (ALPHA / DIGIT) *30 (ALPHA / DIGIT / S) (sequence of alphanumeric characters or separators)

S = optional separator

Reference: ISO 15118-2:2014, Annex H, H.2.1 EVSEID Syntax
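
A client-side pre-flight check for the parameters and the CommonName rule above, as an added example that is not part of this API's specification or the provider's code. The function names are hypothetical, the warnings compare the regex against the EVSEID grammar quoted above, and applying the CommonName rule to a prefixed caDomain such as `x-cpo` is an assumption.

```python
import re

# Patterns and enums copied from this page; re.ASCII limits \w to [A-Za-z0-9_].
CA_DOMAIN_RE = re.compile(r"^(\w+-)?(emsp|cpo|oem|cps|veh)$", re.ASCII)
ALGORITHMS = {"secp256r1", "secp521r1", "ed448"}
ISO_VERSIONS = {"ISO15118-20", "ISO15118-2"}
# The page's CommonName regex with named groups added for the Annex H fields.
EVSE_CN_RE = re.compile(
    r"^(?P<country>[A-Za-z]{2})[\*]?(?P<operator>\w{3})[\*]?[E]"
    r"(?P<outlet>[\w\*]{1,30})$",
    re.ASCII,
)


def parse_evse_cn(cn):
    """Split a CSR CommonName into EVSEID fields; None if the regex rejects it."""
    # fullmatch, not match: in Python "$" also matches before a trailing "\n".
    m = EVSE_CN_RE.fullmatch(cn)
    return m.groupdict() if m else None


def grammar_warnings(fields):
    """Values the regex accepts but the quoted EVSEID grammar does not."""
    warnings = []
    if "_" in fields["operator"] + fields["outlet"]:
        warnings.append("'_' is not ALPHA / DIGIT / separator")
    if fields["outlet"][0] == "*":
        warnings.append("power outlet ID must start with ALPHA / DIGIT")
    return warnings


def check_enroll_request(algorithm, ca_domain, iso_version, common_name):
    """Return (errors, warnings) for a SimpleEnrollCert request before sending."""
    errors, warnings = [], []
    if algorithm not in ALGORITHMS:
        errors.append(f"algorithm {algorithm!r} is not a documented value")
    domain = CA_DOMAIN_RE.fullmatch(ca_domain)
    if domain is None:
        errors.append(f"caDomain {ca_domain!r} does not match the pattern")
    if iso_version not in ISO_VERSIONS:
        errors.append(f"iso15118Version {iso_version!r} is not a documented value")
    # Assumption: a prefixed domain such as "x-cpo" is also subject to the CN rule.
    if domain is not None and domain.group(2) == "cpo":
        fields = parse_evse_cn(common_name)
        if fields is None:
            errors.append(f"CommonName {common_name!r} is not a valid EVSEID")
        else:
            warnings = grammar_warnings(fields)
    return errors, warnings
```

Run the same check on the CommonName extracted from the CSR itself, since that is the value the CA evaluates.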

string

Responses

GetCaCerts

Get the chain of CA certificates incl. Root CA.

path Parameters
algorithm
string
Default: "secp256r1"
Enum: "secp256r1" "secp521r1" "ed448"
Example: secp521r1

Defines the algorithm for the PKI which shall be used.

query Parameters
caDomain
required
string (caDomainParamV1) ^(\w+-)?(emsp|cpo|oem|cps|veh)$
Enum: "emsp" "cpo" "oem" "cps" "veh"
Example: caDomain=emsp

The domain of the subCA the certificate is requested from.

iso15118Version
required
string (iso15118VersionParamV1)
Default: "ISO15118-2"
Enum: "ISO15118-20" "ISO15118-2"
Example: iso15118Version=ISO15118-20

The ISO version which shall be used. If not set, ISO15118-2 will be used as default.

header Parameters
OPNC-from-party-type
string
Enum: "emsp" "cpo" "oem" "pki" "cps" "pcp" "ccp"

Specifies the type of party that originated this request.

OPNC-from-party-id
string

Specifies the ID of the party that originated this request. The ID format depends on the type of the party (WMI for OEM, ProviderID for EMSP, OperatorID for CPO, SHA-256 fingerprint of Root CA for PKI or CPS).

OPNC-to-party-type
string
Enum: "emsp" "cpo" "oem" "pki" "cps" "pcp" "ccp"

Specifies the type of party to which this request should be addressed.

OPNC-to-party-id
string

Specifies the party ID to which this request should be addressed. The ID format depends on the type of the party (WMI for OEM, ProviderID for EMSP, OperatorID for CPO, SHA-256 fingerprint of Root CA for PKI or CPS).

Responses

RevokeCert

Revocation service for leaf certificates (SECC Certificate, Contract Certificate, OEM Contract Certificate, OEM Vehicle Certificate).

NB: A PKI certificate subscriber can only request revocation of one of its own certificates.

NB2: A certificate can be revoked only by the Certificate Authority that delivered it.

Request Body schema: application/json
certificate
required
string ^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[...

Certificate in base64-encoded PEM form.

revocationReason
required
string
Enum: "privilegeWithdrawn" "affiliationChanged" "superseded" "unspecified" "keyCompromise" "aACompromise" "cessationOfOperation"

Description of revocation reasons:

  • privilegeWithdrawn - indicates that the privileges granted to the subject of the certificate have been withdrawn

  • affiliationChanged - indicates that the subject's name or other information has changed.

  • superseded - indicates that the certificate has been superseded.

  • unspecified - indicates that it is unspecified as to why the certificate has been revoked.

  • keyCompromise - indicates that it is known or suspected that the certificate subject's private key has been compromised.

  • aACompromise - indicates that it is known or suspected that the certificate subject's private key has been compromised. It applies to authority attribute (AA) certificates only.

  • cessationOfOperation - indicates that the certificate is no longer needed.

Responses

Request samples

Content type
application/json
{
  "certificate": "MIIC8jCCApegAwIBAgIIVgSOEtL5U+owCgYIKoZIzj0EAwIwbjElMCMGA1UEAwwcU3ViQ0EyLUEtZU1TUF9Gb3JfQ0MtR2VuZXJpYzEMMAoGA1UECwwDU1RHMQ8wDQYDVQQKDAZHSVJFVkUxGTAXBgoJkiaJk/IsZAEZFglTdWJDQTItQ0MxCzAJBgNVBAYTAkZSMB4XDTI0MDEyMjEwMDE0NVoXDTI2MDEyMTEwMDE0NFowOTEYMBYGA1UEAwwPVFVBQUJjQXoyQks3SlJhMQwwCgYDVQQLDANTVEcxDzANBgNVBAoMBkdJUkVWRTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAJdgL7lS8wUMIy8IOiM6SpH1Bjp5GWKFFCYx55bBoHC7yyo2b+GcQSnGRMKaB4F5t06fk1w9+P7uehhjmXwLFGjggFSMIIBTjAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFMgAjDsX1OyW40YHz/CTyEQx8iGrMFEGCCsGAQUFBwEBBEUwQzBBBggrBgEFBQcwAYY1aHR0cDovL29jc3AudGttZ2lydi5ldzEuYWlzLXN0ZzAzLmFjbG91ZC5nZW1hbHRvLmNvbS8wgZoGA1UdHwSBkjCBjzCBjKCBiaCBhoaBg2h0dHA6Ly9jcmwudGttZ2lydi5ldzEuYWlzLXN0ZzAzLmFjbG91ZC5nZW1hbHRvLmNvbTo4MC9jcmwvaXNzdWVyL0NOPVN1YkNBMi1BLWVNU1BfRm9yX0NDLUdlbmVyaWMsT1U9U1RHLE89R0lSRVZFLERDPVN1YkNBMi1DQyxDPUZSMB0GA1UdDgQWBBQ/vmRczFWeeSwQl28yZuABoCCj2jAOBgNVHQ8BAf8EBAMCA+gwCgYIKoZIzj0EAwIDSQAwRgIhAP13OVb18cdam6r+pbmqzy4n7332OZUMt7qK2W1a7Ns6AiEA0QKHeNa2ZSuv6jIhr1Z01XZUZHOROA1o2s/dNvfBKp8=",
  "revocationReason": "privilegeWithdrawn"
}