OBEs use this service to request the new identification certificates. After the initial batch is requested, subsequent batches are automatically provisioned.
HTTP Request Body
ASN.1 serialized SecuredIdCertProvisioningRequest
|HTTP Response Body||ASN.1 serialized SignedIdCertProvisioningAck with a requestHash property containing the lower 8 bytes of the request hash. This value will identify this device from this point on, and it is to be used in subsequent download calls. The reply property contains a PseudonymCertProvisioningAck with a certDLTime property containing the expected time for download of the requested certificate and a certDLURL property containing the URL where the certificate can be downloaded.|
- Policy referenced in the request message is previously known
- EE is not revoked
See "RA-EE Errors" in Overview of Used Error Codes
Quality of Protection
- RA protects access with HTTPS (TLS V1.2)
- Supports at a minimum OpenSSL cipher suite ECDHE-ECDSA-AES128-SHA256
- Uses certificate-based client authentication of data signed by the device enrollment certificate, validated at the application layer. This is a supplement to the one-way TLS authentication, to provide two-way authentication with a TLS/1609.2 hybrid scheme.