{"id":38532,"date":"2026-01-12T15:13:14","date_gmt":"2026-01-12T07:13:14","guid":{"rendered":"https:\/\/www.evb.com\/?p=38532"},"modified":"2026-01-16T20:39:19","modified_gmt":"2026-01-16T12:39:19","slug":"iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance","status":"publish","type":"post","link":"https:\/\/www.evb.com\/cs\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/","title":{"rendered":"ISO 15118 Certificate Lifecycle Management in 2026: From TLS Urgency to CRA Compliance"},"content":{"rendered":"<article>\n<div class=\"mceTemp\"><\/div>\n<figure id=\"attachment_36118\" aria-describedby=\"caption-attachment-36118\" style=\"width: 635px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-36118\" title=\"EVB charging and energy storage product line overview\" src=\"https:\/\/www.evb.com\/wp-content\/uploads\/2025\/11\/20251119-212027.jpeg\" alt=\"EVB portfolio of AC and DC EV chargers and commercial energy storage systems\" width=\"635\" height=\"397\" srcset=\"https:\/\/www.evb.com\/wp-content\/uploads\/2025\/11\/20251119-212027.jpeg 2560w, https:\/\/www.evb.com\/wp-content\/uploads\/2025\/11\/20251119-212027-1536x960.jpeg 1536w, https:\/\/www.evb.com\/wp-content\/uploads\/2025\/11\/20251119-212027-2048x1280.jpeg 2048w, https:\/\/www.evb.com\/wp-content\/uploads\/2025\/11\/20251119-212027-18x12.jpeg 18w, https:\/\/www.evb.com\/wp-content\/uploads\/2025\/11\/20251119-212027-600x375.jpeg 600w, https:\/\/www.evb.com\/wp-content\/uploads\/2025\/11\/20251119-212027-768x480.jpeg 768w\" sizes=\"auto, (max-width: 635px) 100vw, 635px\" \/><figcaption id=\"caption-attachment-36118\" class=\"wp-caption-text\"><a href=\"https:\/\/www.evb.com\/cs\/\">EVB 
offers a complete range of AC and DC EV chargers.<\/a><\/figcaption><\/figure>\n<h2>TL;DR (Executive Action Summary)<\/h2>\n<ul>\n<li><strong>The TLS cutover is a hard boundary (not a proposal):<\/strong> From <strong>24 February 2026<\/strong>, DigiCert will <strong>stop accepting<\/strong> public TLS certificate requests with a validity of <strong>more than 199 days<\/strong>, and certificates issued from that date have a <strong>maximum validity of 199 days<\/strong>. For many operators this is the practical cutover: renewal velocity increases immediately.<\/li>\n<li><strong>The 200\u2192100\u219247-day schedule is already defined:<\/strong> The CA\/Browser Forum Baseline Requirements set a phased reduction: <strong>200 days from 15 March 2026<\/strong>, <strong>100 days from 15 March 2027<\/strong>, and <strong>47 days from 15 
March 2029<\/strong>.<\/li>\n<li><strong>CRA adds a compliance clock:<\/strong> CRA reporting rules require an <strong>early warning within 24 hours<\/strong>, a <strong>full notification within 72 hours<\/strong>, and defined final-report windows for actively exploited vulnerabilities and severe incidents.<\/li>\n<li><strong>The biggest hidden risk is not expiry:<\/strong> The systemic failure mode is <strong>trust anchor drift<\/strong>: root\/intermediate\/cross-signing changes that are not synchronized across EVSE, local controllers and backend validation paths.<\/li>\n<li><strong>First investment for uptime:<\/strong> System-driven automation (ACME + inventory + staged rollout) plus <strong>edge continuity<\/strong> (local validation\/caching, evidence logs and time-sync governance).<\/li>\n<\/ul>\n<h2>Introduction: 2026 Turns Plug &amp; Charge into an Operational System<\/h2>\n<p>In 2026, Plug &amp; Charge (P&amp;C) stops being a \u201cset and forget\u201d feature and becomes a <strong>continuous operational system<\/strong>.<br \/>\nThe ISO 15118 trust plane (PKI + TLS + revocation + updates) is now governed by timelines that do not tolerate manual workflows.<\/p>\n<p>To understand the boundaries of the 
system (what ISO 15118 is responsible for vs. what OCPP is responsible for), start with our companion piece:<br \/>\n<a href=\"https:\/\/www.evb.com\/cs\/iso-15118-ocpp-in-2026-real-world-deployment-pki-and-grid-readiness\/\">The Deployment Reality of ISO 15118 vs. OCPP in 2026<\/a>.<\/p>\n<p>The immediate pressure is <strong>TLS lifecycle compression<\/strong>. Operationally, you cannot \u201cwait until March\u201d.<br \/>\nDigiCert will <strong>stop accepting<\/strong> public TLS requests exceeding <strong>199 days<\/strong> starting <strong>24 February 2026<\/strong>,<br \/>\nand certificates issued from that day will have a <strong>maximum validity of 199 days<\/strong>.<br \/>\nDigiCert also emphasizes a critical operational detail: the maximum allowed validity is governed by the <strong>issuance date<\/strong>, not by when the order was placed.<\/p>\n<p>At the same time, the EU Cyber Resilience Act (CRA) introduces a second time constraint: the reporting rules require a<br \/>\n<strong>24-hour early warning<\/strong> and a <strong>72-hour notification<\/strong> for actively exploited vulnerabilities and severe incidents affecting products with digital elements.<\/p>\n<p>This guide focuses on architecture and risk controls for operating ISO 15118 certificates under these constraints.<\/p>\n<h2>Milestones and Required Actions for 2024\u20132026 (Text Gantt Chart)<\/h2>\n<table style=\"border-collapse: collapse; width: 100%;\" border=\"1\" 
cellspacing=\"0\" cellpadding=\"8\">\n<thead>\n<tr>\n<th>Window<\/th>\n<th>Second half of 2024<\/th>\n<th>First half of 2025<\/th>\n<th>Second half of 2025<\/th>\n<th><strong>24 February 2026<\/strong><\/th>\n<th><strong>15 March 2026<\/strong><\/th>\n<th><strong>11 September 2026<\/strong><\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>External change<\/strong><\/td>\n<td>CA transition signals<\/td>\n<td>Automation pilots<\/td>\n<td>Trust anchor drills<\/td>\n<td><strong>DigiCert 199-day issuance begins<\/strong><\/td>\n<td><strong>BR 200-day cap phase begins<\/strong><\/td>\n<td>CRA reporting active (per guidance)<\/td>\n<\/tr>\n<tr>\n<td><strong>What to do<\/strong><\/td>\n<td>Inventory endpoints<\/td>\n<td>Pilot ACME + telemetry<\/td>\n<td>Offline strategy + trust store rollout<\/td>\n<td>Freeze manual renewal paths<\/td>\n<td>Complete system-driven renewal<\/td>\n<td>Run CRA tabletop and evidence exercises<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><strong>Operational note:<\/strong> 24 
February 2026 is often the real tipping point, because that is when the issuance behavior of major certificate authorities changes.<\/p>\n<p><strong>Policy note:<\/strong> The phased lifetime reduction is defined in the Baseline Requirements (200\/100\/47 days).<\/p>\n<h2>Lifecycle: Provisioning \u2192 Operation \u2192 Renewal \u2192 Revocation<\/h2>\n<h3>Lifecycle map (what you must be able to control)<\/h3>\n<ol>\n<li><strong>OEM provisioning:<\/strong> Keys generated\/injected; root of trust established (HSM\/secure element).<\/li>\n<li><strong>Contract enrollment:<\/strong> Contract certificates bound to user contracts (ecosystem-dependent).<\/li>\n<li><strong>EVSE commissioning:<\/strong> Establish baselines for trust stores, policies and time sync.<\/li>\n<li><strong>Operational validation:<\/strong> TLS handshakes, chain building, revocation checking, policy enforcement.<\/li>\n<li><strong>Renewal \/ reissuance:<\/strong> Automation + staged rollout + rollback.<\/li>\n<li><strong>Revocation \/ incident response:<\/strong> Compromise\/mis-issuance\/misuse \u2192 revoke\/rotate\/recover.<\/li>\n<li><strong>Recovery and reconciliation:<\/strong> Restore service while preserving auditability and billing integrity.<\/li>\n<\/ol>\n<h3>The underestimated point 
of failure: trust anchor drift<\/h3>\n<p>Most \u201cmysterious P&amp;C failures\u201d in multi-OEM environments are not a single expired certificate; they are<br \/>\n<strong>path validation failures<\/strong> caused by trust anchor drift:<\/p>\n<ul>\n<li>New roots\/intermediates appear (multi-root reality).<\/li>\n<li><strong>Cross-signing<\/strong> changes alter the feasible chains.<\/li>\n<li>Backend trust stores update faster than EVSE\/local controllers.<\/li>\n<li>Revocation artifacts at the edge go stale.<\/li>\n<\/ul>\n<p>Treat trust anchor updates as a security-critical change process:<\/p>\n<ul>\n<li>Versioned trust stores<\/li>\n<li>Canary rollout<\/li>\n<li>Rollback plans<\/li>\n<li>Validation failure telemetry by issuer\/serial number\/path<\/li>\n<li>An explicit owner for \u201cwho updates what, and when\u201d<\/li>\n<\/ul>\n<p><strong>Cross-signing and path-building failures (the 2026 reality):<\/strong> In multi-root ISO 15118 ecosystems,<br \/>\nPlug &amp; Charge often fails not because a certificate is invalid, but because the EVSE cannot build a valid<br \/>\n<strong>certificate path<\/strong> after cross-signing 
changes (new intermediates, bridge certificate authorities, reissued chains).<br \/>\nAs more OEMs and PKI domains join, path complexity increases. If trust stores at the network edge (EVSE\/local controllers)<br \/>\nlag behind backend updates, TLS handshakes can fail even though the backend certificates themselves appear \u201cvalid\u201d.<\/p>\n<blockquote style=\"margin: 16px 0; padding: 12px 16px; border-left: 4px solid #ccc;\"><p><strong>Figure 1 (Recommended visual): Path Validation in a Multi-Root ISO 15118 System<\/strong><\/p>\n<p>(Show the V2G root \/ OEM root \/ contract root, intermediates and cross-signing bridges.)<br \/>\nHighlight the point where a newly signed intermediate breaks path building on the EVSE when trust stores are not updated in sync.<\/p>\n<p><strong>Key message:<\/strong> Most P&amp;C outages attributed to \u201cPKI\u201d are in fact <strong>path validation failures<\/strong> driven by cross-signing drift and unsynchronized trust stores.<\/p><\/blockquote>\n<h2>ACME and Automation: Human-Driven vs. 
System-Driven at 199\/200-Day Lifetimes<\/h2>\n<h3>Why manual renewal becomes a deterministic outage generator<\/h3>\n<p>Short lifetimes require continuous renewal. DigiCert's move to <strong>199 days from 24 February 2026<\/strong><br \/>\nmakes this immediately operational for many fleets. And the broader industry timeline is already defined:<br \/>\n<strong>200 days<\/strong> (from 15 March 2026), then <strong>100 days<\/strong>, then <strong>47 days<\/strong>.<\/p>\n<p>For any fleet, renewal events scale as follows:<\/p>\n<pre style=\"background: #f6f8fa; padding: 12px; overflow: auto;\"><code>Renewals per year \u2248 N \u00d7 (365 \/ L)<\/code><\/pre>\n<p>Where <code>N<\/code> is the number of TLS endpoints and <code>L<\/code> is the certificate lifetime (days).<br \/>\nAs <code>L<\/code> decreases, human-driven renewal becomes mathematically incompatible with uptime targets.<\/p>\n<h3>Scenario (board-level sizing)<\/h3>\n<p>For a CPO operating <strong>5,000 endpoints<\/strong>, a 199-day lifetime means:<\/p>\n<pre style=\"background: #f6f8fa; padding: 12px; overflow: auto;\"><code>Renewals\/year \u2248 5000 \u00d7 (365 \/ 199) \u2248 9,171<\/code><\/pre>\n<p>At this scale, even a <strong>1% human error rate<\/strong> translates to roughly<br \/>\n<strong>92 certificate-caused outages per year<\/strong>, before accounting for peak-traffic impact,<br \/>\nSLA penalties or 
cascading failures across a hub.<\/p>\n<h3>ACME in charging networks: what it should automate<\/h3>\n<p>ACME (Automated Certificate Management Environment) turns renewal into policy-driven operations for:<\/p>\n<ul>\n<li>EVSE \u2194 backend TLS<\/li>\n<li>Local controller \/ edge proxy TLS<\/li>\n<li>Site gateways and hub controllers<\/li>\n<\/ul>\n<p><strong>System-driven workflow (architecture pattern)<\/strong><\/p>\n<ol>\n<li><strong>Inventory<\/strong> every endpoint (issuer, serial number, chain, expiry, last rotation).<\/li>\n<li><strong>Renew-ahead policy<\/strong> (renew at a defined threshold, not when \u201cabout to expire\u201d).<\/li>\n<li><strong>Hardware-backed keys<\/strong> where feasible; avoid exporting private keys.<\/li>\n<li><strong>Staged rollout<\/strong> with health checks (handshake + authorization + session start).<\/li>\n<li><strong>Automatic rollback<\/strong> on an elevated failure rate.<\/li>\n<li><strong>Evidence records<\/strong> for every issuance\/deployment (compliance-grade traceability).<\/li>\n<\/ol>\n<p><strong>Human-driven vs. 
system-driven<\/strong><\/p>\n<ul>\n<li>Human-driven: tickets, spreadsheets, late renewals, ambiguous ownership, risky emergency changes.<\/li>\n<li>System-driven: deterministic policies, automated issuance, controlled rollout, continuous telemetry, auditable evidence.<\/li>\n<\/ul>\n<h2>Revocation Checks: the \u201cP&amp;C Killer\u201d (CRL vs. OCSP, Weak Networks and Defensible Policies)<\/h2>\n<h3>Why OCSP\/CRL fail in garages and depots<\/h3>\n<ul>\n<li>Weak\/intermittent LTE\/5G<\/li>\n<li>Restricted egress (firewalls\/captive portals)<\/li>\n<li>Latency-sensitive validation steps<\/li>\n<li>External dependencies (OCSP responders, CRL distribution points)<\/li>\n<\/ul>\n<p>The result: the EVSE can start a session but cannot complete <strong>revocation verification<\/strong> reliably.<\/p>\n<h3>CRL vs. 
OCSP: practical trade-offs<\/h3>\n<ul>\n<li><strong>CRL:<\/strong> larger downloads, but cacheable and refreshable on a schedule (good for continuity at the edge).<\/li>\n<li><strong>OCSP:<\/strong> lightweight per request, but often requires live reachability at the weakest point.<\/li>\n<\/ul>\n<p>In 2026, the right posture is layered:<\/p>\n<ul>\n<li>Scheduled CRL caching for resilience<\/li>\n<li>OCSP where connectivity is reliable<\/li>\n<li>An explicit policy for degraded conditions<\/li>\n<\/ul>\n<h3>Why \u201csoft-fail\u201d is increasingly hard to defend<\/h3>\n<p>Historically, \u201csoft-fail\u201d (allowing the session when the revocation check times out) preserved availability.<br \/>\nIn 2026, soft-fail becomes harder to justify because:<\/p>\n<ul>\n<li>Lifetimes are shorter (less tolerance for stale assumptions)<\/li>\n<li>CRA incident reporting demands stricter discipline and an evidence trail<\/li>\n<\/ul>\n<p>A defensible design requires an explicit, documented policy:<\/p>\n<ul>\n<li><strong>Hard-fail<\/strong> for public\/high-risk environments<\/li>\n<li><strong>Grace with evidence<\/strong> for closed fleets (bounded window + compensating controls)<\/li>\n<li><strong>Evidence logging<\/strong> for every degraded-mode decision<\/li>\n<\/ul>\n<h3>Architectural 
mitigations (patterns, not product promises)<\/h3>\n<p><strong>Pattern 1: Edge pre-validation + caching<\/strong><\/p>\n<ul>\n<li>Cached CRLs with defined freshness windows<\/li>\n<li>Cache intermediates and validated chains<\/li>\n<li>Prefetch during periods of \u201cgood connectivity\u201d<\/li>\n<\/ul>\n<p><strong>Pattern 2: OCSP stapling (where feasible)<\/strong><\/p>\n<p>OCSP stapling moves delivery of revocation proof away from the weakest edge, reducing dependence on CA infrastructure during session setup.<\/p>\n<p><strong>Implementation note (embedded reality):<\/strong> In EVSE environments, verify support for stapling-related extensions<br \/>\nin your embedded TLS stack and build configuration (e.g. 
mbedTLS, wolfSSL), and validate behavior across legacy hardware,<br \/>\nbecause feature completeness and memory\/RTOS constraints vary.<\/p>\n<p><strong>Pattern 3: Multi-root trust governance<\/strong><\/p>\n<ul>\n<li>A unified trust store update channel for multiple OEM anchors<\/li>\n<li>Canary updates + rollback on a spike in path-building errors<\/li>\n<\/ul>\n<p><strong>Pattern 4: Time-sync governance (non-negotiable)<\/strong><\/p>\n<ul>\n<li>NTP policy (or PTP where appropriate)<\/li>\n<li>Drift monitoring and alert thresholds<\/li>\n<li>Defined behavior when the clock is not trusted<\/li>\n<\/ul>\n<h2>Offline Continuity: Keeping Plug &amp; Charge Usable During Edge-to-Cloud Disconnection<\/h2>\n<h3>What offline continuity is (and is not)<\/h3>\n<p>Offline continuity is not \u201cbypassing PKI\u201d. 
It is controlled degradation that preserves:<\/p>\n<ul>\n<li>Integrity of keys and trust stores<\/li>\n<li>Auditability for billing and incident response<\/li>\n<li>Explicit limits on what can be validated locally (and for how long)<\/li>\n<\/ul>\n<h3>Local controllers \/ edge proxies as availability primitives<\/h3>\n<ul>\n<li>Maintain local trust caches (anchors\/intermediates\/CRLs)<\/li>\n<li>Enforce bounded local authorization policies<\/li>\n<li>Buffer metering\/logs for later reconciliation<\/li>\n<li>Reduce the WAN blast radius by acting as the local endpoint for EVSE<\/li>\n<\/ul>\n<blockquote style=\"margin: 16px 0; padding: 12px 16px; border-left: 4px solid #ccc;\"><p><strong>Figure 2 (Recommended visual): Edge Proxy as a Trust Cache at Weak-Network Sites<\/strong><\/p>\n<p>(Show EVSE connecting to an on-site edge proxy\/local controller. 
Proxy udr\u017euje ulo\u017een\u00e9 v mezipam\u011bti d\u016fv\u011bryhodn\u00e9 kotvy\/zprost\u0159edkovatele,)<br \/>\npl\u00e1novan\u00e1 aktualizace CRL, monitorov\u00e1n\u00ed synchronizace \u010dasu a protokoly d\u016fkaz\u016f; ukl\u00e1d\u00e1 ud\u00e1losti do vyrovn\u00e1vac\u00ed pam\u011bti cloudov\u00e9ho CSMS\/PKI, kdy\u017e je uplink nestabiln\u00ed.)<\/p>\n<p><strong>Hlavn\u00ed sd\u011blen\u00ed:<\/strong> Proxy servery Edge sni\u017euj\u00ed z\u00e1vislost na extern\u00edch koncov\u00fdch bodech OCSP\/CRL a umo\u017e\u0148uj\u00ed \u0159\u00edzenou offline kontinuitu bez obch\u00e1zen\u00ed PKI.<\/p><\/blockquote>\n<h2>CRA a VMP: od term\u00edn\u016f pro pod\u00e1v\u00e1n\u00ed zpr\u00e1v v z\u00e1\u0159\u00ed 2026 k auditovateln\u00e9mu provozn\u00edmu modelu<\/h2>\n<h3>Pravidla pro pod\u00e1v\u00e1n\u00ed zpr\u00e1v ratingov\u00fdch agentur: n\u00e1vrh na 24hodinov\u00fd\/72hodinov\u00fd form\u00e1t<\/h3>\n<p>Pravidla pro pod\u00e1v\u00e1n\u00ed zpr\u00e1v ratingov\u00fdch agentur vy\u017eaduj\u00ed, aby v\u00fdrobci oznamovali aktivn\u011b zneu\u017e\u00edvan\u00e9 zranitelnosti a z\u00e1va\u017en\u00e9 incidenty, kter\u00e9 maj\u00ed dopad<br \/>\no bezpe\u010dnosti produkt\u016f s digit\u00e1ln\u00edmi prvky:<\/p>\n<ul>\n<li><strong>V\u010dasn\u00e9 varov\u00e1n\u00ed do 24 hodin<\/strong> uv\u011bdom\u011bn\u00ed si<\/li>\n<li><strong>\u00dapln\u00e9 ozn\u00e1men\u00ed do 72 hodin<\/strong><\/li>\n<li><strong>Z\u00e1v\u011bre\u010dn\u00e1 zpr\u00e1va<\/strong> v r\u00e1mci definovan\u00fdch oken (v z\u00e1vislosti na t\u0159\u00edd\u011b incidentu)<\/li>\n<\/ul>\n<p>Rozs\u00e1hl\u00e9 naru\u0161en\u00ed slu\u017eby Plug &amp; Charge zp\u016fsoben\u00e9 hromadn\u00fdm zru\u0161en\u00edm nebo naru\u0161en\u00edm d\u016fv\u011bryhodnosti <strong>m\u016f\u017ee se kvalifikovat<\/strong><br \/>\njako z\u00e1va\u017en\u00fd incident v z\u00e1vislosti na dopadu a d\u016fkazech o zneu\u017eit\u00ed.<\/p>\n<h3>Proces \u0159\u00edzen\u00ed 
zranitelnost\u00ed (VMP): minim\u00e1ln\u00ed \u017eivotaschopn\u00e9 schopnosti<\/h3>\n<ol>\n<li><strong>Pravda o flotile:<\/strong> invent\u00e1\u0159 aktiv + verz\u00ed (firmware EVSE, obrazy \u0159adi\u010d\u016f, verze \u00falo\u017ei\u0161t\u011b d\u016fv\u011bryhodn\u00fdch dat).<\/li>\n<li><strong>Integrace SBOM (dynamick\u00e1):<\/strong> SBOM mapovan\u00fd na nasaditeln\u00e9 artefakty; pr\u016fb\u011b\u017en\u00e1 korelace s informacemi o zranitelnostech.<\/li>\n<li><strong>\u0158\u00edzen\u00ed expozice \u0159\u00edzen\u00e9 VEX:<\/strong> Udr\u017eujte p\u0159\u00edkazy VEX pro rozli\u0161en\u00ed \u201ep\u0159\u00edtomn\u00e9, ale ne zneu\u017eiteln\u00e9\u201c od \u201ezneu\u017eiteln\u00e9 v na\u0161em nasazen\u00ed\u201c, co\u017e umo\u017e\u0148uje d\u016fv\u011bryhodn\u00e9 stanoven\u00ed rozsahu v r\u00e1mci \u010dasov\u00e9ho okna T+24h.<\/li>\n<li><strong>Pro\u010d je VEX d\u016fle\u017eit\u00fd v 24hodinov\u00e9m form\u00e1tu:<\/strong> SBOM v\u00e1m \u0159ekne, co je p\u0159\u00edtomno; VEX v\u00e1m pom\u016f\u017ee ur\u010dit, co je <strong>zneu\u017eiteln\u00fd<\/strong>, \u010d\u00edm\u017e se sni\u017euje po\u010det fale\u0161n\u00fdch poplach\u016f a br\u00e1n\u00ed se provozn\u00edm t\u00fdm\u016fm v pron\u00e1sledov\u00e1n\u00ed nezneu\u017eiteln\u00e9ho \u0161umu.<\/li>\n<li><strong>P\u0159\u00edjem a t\u0159\u00edd\u011bn\u00ed:<\/strong> doporu\u010den\u00ed dodavatel\u016f, CVE, intern\u00ed zji\u0161t\u011bn\u00ed; up\u0159ednost\u0148ovat zneu\u017eitelnost + expozici.<\/li>\n<li><strong>Pracovn\u00ed postup pro stanoven\u00ed rozsahu T+24h:<\/strong> Korelace SBOM + VEX + invent\u00e1\u0159e pro identifikaci posti\u017een\u00fdch populac\u00ed; po\u010d\u00e1te\u010dn\u00ed rozhodnut\u00ed o omezen\u00ed \u0161\u00ed\u0159en\u00ed; sb\u011br d\u016fkaz\u016f.<\/li>\n<li><strong>Pracovn\u00ed postup ozn\u00e1men\u00ed T+72h:<\/strong> potvrzen\u00fd rozsah, zm\u00edr\u0148uj\u00edc\u00ed opat\u0159en\u00ed, pl\u00e1n 
zav\u00e1d\u011bn\u00ed\/vr\u00e1cen\u00ed, komunika\u010dn\u00ed z\u00e1znam.<\/li>\n<li><strong>Pracovn\u00ed postup z\u00e1v\u011bre\u010dn\u00e9 zpr\u00e1vy:<\/strong> valida\u010dn\u00ed d\u016fkazy + hlavn\u00ed p\u0159\u00ed\u010dina + prevence, vylep\u0161en\u00ed po dostupnosti n\u00e1pravn\u00fdch opat\u0159en\u00ed.<\/li>\n<li><strong>In\u017een\u00fdrstv\u00ed kadence patch\u016f:<\/strong> postupn\u00e9 zav\u00e1d\u011bn\u00ed, pl\u00e1ny vr\u00e1cen\u00ed zp\u011bt, podepsan\u00e9 artefakty, ov\u011b\u0159ovac\u00ed br\u00e1ny.<\/li>\n<li><strong>Vym\u00e1h\u00e1n\u00ed \u0159et\u011bzce d\u016fv\u011bry:<\/strong> Bezpe\u010dn\u00e9 spu\u0161t\u011bn\u00ed + bezpe\u010dn\u00e9 aktualizace firmwaru; podpisov\u00e9 kl\u00ed\u010de chr\u00e1n\u011bn\u00e9 v HSM\/bezpe\u010dnostn\u00edch prvc\u00edch.<\/li>\n<li><strong>Protokolov\u00e1n\u00ed zalo\u017een\u00e9 na d\u016fkazech:<\/strong> ud\u00e1losti certifik\u00e1t\u016f, zm\u011bny \u00falo\u017ei\u0161t\u011b d\u016fv\u011bryhodn\u00fdch certifik\u00e1t\u016f, selh\u00e1n\u00ed odvol\u00e1n\u00ed, stav synchronizace \u010dasu.<\/li>\n<\/ol>\n<p><strong>Sc\u00e9n\u00e1\u0159 d\u016fv\u011bryhodnosti s vysokou z\u00e1va\u017enost\u00ed:<\/strong> Pokud je zru\u0161en\u00ed spu\u0161t\u011bno kompromitovan\u00fdm ko\u0159enov\u00fdm nebo vyd\u00e1vaj\u00edc\u00edm kl\u00ed\u010dem,<br \/>\npova\u017eovat to za incident d\u016fv\u011bryhodnosti s nejvy\u0161\u0161\u00ed z\u00e1va\u017enost\u00ed vy\u017eaduj\u00edc\u00ed okam\u017eit\u00e9 omezen\u00ed, opat\u0159en\u00ed t\u00fdkaj\u00edc\u00ed se \u00falo\u017ei\u0161t\u011b d\u016fv\u011bryhodnosti v cel\u00e9m vozov\u00e9m parku,<br \/>\na p\u0159ipravenost na pod\u00e1v\u00e1n\u00ed zpr\u00e1v v souladu s ratingov\u00fdmi agenturami v z\u00e1vislosti na d\u016fkazech o dopadu a vyu\u017eit\u00ed.<\/p>\n<h3>Kontroln\u00ed seznam pro odpo\u010d\u00edt\u00e1v\u00e1n\u00ed reakce na incidenty CRA (opera\u010dn\u00ed \u0161ablona)<\/h3>\n<h4>T+0 
(Detection \/ Awareness)<\/h4>\n<ul>\n<li>Freeze evidence: logs, certificate events, trust store versions, time-sync status<\/li>\n<li>Identify affected surfaces: EVSE firmware, local controllers, backend TLS endpoints<\/li>\n<li>Engage the PKI provider \/ backend security contact<\/li>\n<\/ul>\n<h4>T+24h (Early warning readiness)<\/h4>\n<ul>\n<li><strong>Primary goal:<\/strong> Use <strong>SBOM + VEX + fleet inventory<\/strong> to determine the affected population and file an evidence-backed early warning<\/li>\n<li>Containment decisions: revocation\/rotation, trust store rollback, site isolation<\/li>\n<li>Draft the early warning package: scope, mitigations in progress, interim status<\/li>\n<\/ul>\n<h4>T+72h (Full notification readiness)<\/h4>\n<ul>\n<li>Confirm affected populations by region\/site; provide the remediation plan + rollout method<\/li>\n<li>Produce customer\/operator communication and escalation records<\/li>\n<\/ul>\n<h4>Final report window<\/h4>\n<ul>\n<li>Submit the final report in line with CRA requirements (timing depends on incident class)<\/li>\n<li>Post-fix validation evidence and lessons learned<\/li>\n<\/ul>\n<h2>Cost and risk quantification (templates you can 
plug into your fleet)<\/h2>\n<h3>Manual renewal labor cost model<\/h3>\n<p>Let:<\/p>\n<ul>\n<li><code>N<\/code> = number of TLS endpoints (EVSE + controllers + gateways + managed backend nodes)<\/li>\n<li><code>L<\/code> = certificate lifetime (days)<\/li>\n<li><code>t<\/code> = human time per renewal (hours)<\/li>\n<li><code>C<\/code> = fully loaded labor cost (USD\/hour)<\/li>\n<\/ul>\n<pre style=\"background: #f6f8fa; padding: 12px; overflow: auto;\"><code>Labor cost \u2248 N \u00d7 (365 \/ L) \u00d7 t \u00d7 C<\/code><\/pre>\n<h3>Outage risk model (expiry or failed deployment)<\/h3>\n<p>Let:<\/p>\n<ul>\n<li><code>P_miss<\/code> = probability of a missed\/failed renewal per cycle<\/li>\n<li><code>H_down<\/code> = expected downtime hours per incident<\/li>\n<li><code>C_hour<\/code> = hourly business impact (lost revenue, penalties, SLA credits)<\/li>\n<\/ul>\n<pre style=\"background: #f6f8fa; padding: 12px; overflow: auto;\"><code>Outage cost \u2248 P_miss \u00d7 H_down \u00d7 C_hour<\/code><\/pre>\n<h2>Decision guide: When online revocation checks fail (OCSP\/CRL timeout)<\/h2>\n<ol>\n<li><strong>Public site or closed fleet\/depot?<\/strong>\n<ul>\n<li>Public \u2192 prefer <strong>Hard-fail<\/strong> (or tightly controlled grace only with evidence + compensating controls)<\/li>\n<li>Fleet\/depot \u2192 <strong>Grace with evidence<\/strong> may be 
acceptable for limited windows<\/li>\n<\/ul>\n<\/li>\n<li><strong>Is network reliability predictable?<\/strong>\n<ul>\n<li>Yes \u2192 Online OCSP\/CRL + monitoring<\/li>\n<li>No \u2192 <strong>Edge pre-validation + caching<\/strong> (CRL refresh windows, cached chains)<\/li>\n<\/ul>\n<\/li>\n<li><strong>Can you reduce internet dependency during the session?<\/strong>\n<ul>\n<li>Where feasible \u2192 adopt the <strong>OCSP stapling pattern<\/strong> (push the proof closer to the edge)<\/li>\n<\/ul>\n<\/li>\n<li><strong>Do you have logging + time-sync governance in place?<\/strong>\n<ul>\n<li>If not \u2192 fix these first; degraded-mode policies are hard to defend without them.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<h2>Practical responsibility matrix (boundaries that prevent outages)<\/h2>\n<table style=\"border-collapse: collapse; width: 100%;\" border=\"1\" cellspacing=\"0\" cellpadding=\"8\">\n<thead>\n<tr>\n<th>Role<\/th>\n<th>Issuance<\/th>\n<th>Validation<\/th>\n<th>Reporting<\/th>\n<th>Update cadence<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>CPO<\/strong><\/td>\n<td>TLS\/identity strategy; enforce automated renewal; maintain the endpoint inventory; plan for CA cutover behavior (199-day issuance from 
February 24 for DigiCert)<\/td>\n<td>Define hard\/soft-fail policy; freshness of revocation artifacts; <strong>Time-sync governance<\/strong> (NTP\/PTP, drift monitoring, alerting)<\/td>\n<td>Run incident playbooks; ensure CRA-aligned reporting readiness (24\/72\/final)<\/td>\n<td>Continuous expiry monitoring; trust store updates; emergency trust anchor changes; time-sync audits<\/td>\n<\/tr>\n<tr>\n<td><strong>EV charger OEMs (EVSE)<\/strong><\/td>\n<td>Hardware-backed key storage; device identity; automation hooks; secure boot\/update primitives<\/td>\n<td>TLS configuration; chain building; revocation behavior; trust store management; secure boot + secure firmware update chain<\/td>\n<td>Product vulnerability handling; advisories; remediation packages; support operator reporting with technical facts<\/td>\n<td>Regular releases + emergency patches; defined support windows; key rotation playbooks<\/td>\n<\/tr>\n<tr>\n<td><strong>Backend \/ V2G PKI providers<\/strong><\/td>\n<td>Contract ecosystem issuance (if in scope); CA\/RA operations; issuance policy<\/td>\n<td>Backend validation; OCSP\/CRL availability; trust anchor 
management<\/td>\n<td>Provide incident\/vulnerability facts; support CRA timeline evidence packages<\/td>\n<td>Frequent policy\/trust anchor updates; OCSP\/CRL resilience engineering; continuous monitoring<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>Glossary<\/h2>\n<ul>\n<li><strong>PKI:<\/strong> Public Key Infrastructure (issuance, validation, trust anchors, revocation)<\/li>\n<li><strong>ACME:<\/strong> Automated Certificate Management Environment (automated issuance\/renewal)<\/li>\n<li><strong>OCSP \/ CRL:<\/strong> Online Certificate Status Protocol \/ Certificate Revocation List<\/li>\n<li><strong>OCSP stapling:<\/strong> The server provides the revocation proof, reducing dependency on live OCSP.<\/li>\n<li><strong>Trust anchors:<\/strong> Root\/intermediate certificates that your validators trust<\/li>\n<li><strong>SBOM:<\/strong> Software Bill of Materials (component inventory for vulnerability scoping)<\/li>\n<li><strong>VEX:<\/strong> Vulnerability Exploitability eXchange (exploitability status statements)<\/li>\n<li><strong>TLS 1.3:<\/strong> Modern TLS profile; handshake + certificate validation remain latency-sensitive.<\/li>\n<li><strong>VMP:<\/strong> Vulnerability Management Process (intake, triage, remediation, reporting, evidence)<\/li>\n<\/ul>\n<h2>Forward-looking 
risk: Crypto-agility and PQC readiness<\/h2>\n<p>While 2026 is defined by short TLS lifetimes and CRA reporting, charging infrastructures should begin assessing<br \/>\n<strong>crypto-agility<\/strong>. For long-lived devices (vehicles and chargers), architectures should avoid hardware lock-in by ensuring that<br \/>\nHSMs\/secure elements and embedded stacks can support future algorithm and certificate-profile updates without a hardware refresh.<\/p>\n<h2>Frequently asked questions<\/h2>\n<h3>Can Plug &amp; Charge work offline?<\/h3>\n<p>Partially, by design. Offline P&amp;C is a controlled degradation using local trust caching (anchors\/intermediates\/CRLs where feasible),<br \/>\nexplicit approval policies, and stored audit logs for reconciliation. It should not bypass PKI; it should reduce dependency on the live cloud<br \/>\nwhile preserving integrity and auditability.<\/p>\n<h3>How often must we renew certificates with 199\/200-day validity?<\/h3>\n<p>Plan for multiple renewal cycles per year for each endpoint. For many operators, the operational cutover begins on<br \/>\n<strong>February 24, 
2026<\/strong>, because DigiCert will issue public TLS certificates with a maximum validity of <strong>199 days<\/strong> from that date.<br \/>\nAt the broader ecosystem level, the Baseline Requirements define a phased reduction of <strong>200\/100\/47 days<\/strong>.<\/p>\n<h3>What triggers the CRA reporting obligation?<\/h3>\n<p>CRA reporting rules require a <strong>24-hour early warning<\/strong> and a <strong>72-hour notification<\/strong> for actively exploited vulnerabilities and severe incidents,<br \/>\nplus final-report timelines. A widespread P&amp;C trust disruption (e.g., malicious revocation or a validation compromise) may qualify depending on<br \/>\nevidence of impact and exploitation; a CRA-ready risk assessment plan should support <strong>SBOM + VEX + fleet inventory<\/strong> scoping within the first 24 hours.<\/p>\n<\/article>","protected":false},"excerpt":{"rendered":"<p>TL;DR (Executive Action Summary) TLS cutover is a hard boundary (not a suggestion): From February 24, 2026, DigiCert will stop accepting public TLS certificate requests with validity greater than 199 days, and certificates issued from that date have a 199-day maximum validity. This is the practical cutover for many operators\u2014renewal velocity increases immediately. 
The 200\u2192100\u219247-day [&hellip;]<\/p>","protected":false},"author":3,"featured_media":37917,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[143,142,158,146,151,152,159,157,99,153,141,147,149,150,145,98,154,144,148,155,156],"class_list":["post-38532","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","tag-acme","tag-certificate-lifecycle","tag-cra-compliance","tag-crl","tag-cross-signing","tag-edge-proxy","tag-ev-charging-infrastructure-2026","tag-evse-security","tag-iso-15118","tag-local-controller","tag-ocsp","tag-ocsp-stapling","tag-offline-charging","tag-path-validation","tag-pki","tag-plug-charge","tag-sbom","tag-tls-1-3","tag-trust-anchors","tag-vex","tag-vulnerability-management"],"acf":[]}