Page tree
Skip to end of metadata
Go to start of metadata

EEs use this service to download a local certificate chain file.

HTTP Request BodyEmpty
HTTP Request Headers

Optionally, the request may include the standard HTTP Header 'If-None-Match' containing the file name of the local certificate chains file that the EE currently possesses, excluding any path. For example:

If-None-Match: "local_certificate_chains_01_03.oer"

This is used to prevent the same file from being downloaded by the device multiple times.

HTTP Response BodyFile containing the local certificate chains represented by an OER encoded ASN.1 serialized ScopedLocalCertificateChainFile. The file name returned is of the form: local_certificate_chains_<X>_<Y>.<Z>


  • X is the global certificate chain version, i.e., the cert_chain_file_id parameter found in the Global Policy File
  • Y is the local certificate chain version
  • Z is one of the permitted encoding formats (oer) from the file name in the request message


An HTTP code of 304 (Not Modified), if the provided file name in the 'If-None-Match' header matches the current version available on the RA server.




  1. Returned file contains SCMS certificates chains that the device will use

Error Handling

See "RA-EE Errors" in Overview of Used Error Codes

Quality of Service

Estimated values are per logical unit, meaning multiple individual nodes can contribute to achieve the desired level of service. The number of vehicles that potentially invoke this service in a week is a function of the number of years in service:


Quality Metric
1 Year
3 Years
5 Years
10 Years

Assuming half of all new cars plus all existing vehicles need to download local certificate chain file in the same week.

8,500,000 new vehicles / 604,800 seconds/week

14 requests / second

(8,500,000 new vehicles + 34,000,000 existing vehicles) / 604,800 seconds/week

70 requests / second

(8,500,000 new vehicles + 68,000,000 existing vehicles) / 604,800 seconds/week

126 requests / second

(8,500,000 new vehicles + 153,000,000 existing vehicles) / 604,800 seconds/week

267 requests / second

Quality of Protection

  • RA protects access with HTTPS (TLS V1.2)
  • Supports at a minimum OpenSSL cipher suite ECDHE-ECDSA-AES128-SHA256