{"id":38532,"date":"2026-01-12T15:13:14","date_gmt":"2026-01-12T07:13:14","guid":{"rendered":"https:\/\/www.evb.com\/?p=38532"},"modified":"2026-01-16T20:39:19","modified_gmt":"2026-01-16T12:39:19","slug":"iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance","status":"publish","type":"post","link":"https:\/\/www.evb.com\/da\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/","title":{"rendered":"ISO 15118-certifikatets livscyklusstyring i 2026: Fra TLS-haster til CRA-overholdelse"},"content":{"rendered":"<article>\n<div class=\"mceTemp\"><\/div>\n<figure id=\"attachment_36118\" aria-describedby=\"caption-attachment-36118\" style=\"width: 635px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-36118\" title=\"Oversigt over EVB-produktlinjen for opladning og energilagring\" src=\"https:\/\/www.evb.com\/wp-content\/uploads\/2025\/11\/20251119-212027.jpeg\" alt=\"EVB&#039;s portef\u00f8lje af AC- og DC-opladere til elbiler og kommercielle energilagringssystemer\" width=\"635\" height=\"397\" srcset=\"https:\/\/www.evb.com\/wp-content\/uploads\/2025\/11\/20251119-212027.jpeg 2560w, https:\/\/www.evb.com\/wp-content\/uploads\/2025\/11\/20251119-212027-1536x960.jpeg 1536w, https:\/\/www.evb.com\/wp-content\/uploads\/2025\/11\/20251119-212027-2048x1280.jpeg 2048w, https:\/\/www.evb.com\/wp-content\/uploads\/2025\/11\/20251119-212027-18x12.jpeg 18w, https:\/\/www.evb.com\/wp-content\/uploads\/2025\/11\/20251119-212027-600x375.jpeg 600w, https:\/\/www.evb.com\/wp-content\/uploads\/2025\/11\/20251119-212027-768x480.jpeg 768w\" sizes=\"auto, (max-width: 635px) 100vw, 635px\" \/><figcaption id=\"caption-attachment-36118\" class=\"wp-caption-text\"><a href=\"https:\/\/www.evb.com\/da\/\">EVB tilbyder et komplet udvalg af AC- og DC-opladere til elbiler<\/a><\/figcaption><\/figure>\n<h2>TL;DR (Resum\u00e9 af handlinger)<\/h2>\n<ul>\n<li><strong>TLS-cutover er en h\u00e5rd gr\u00e6nse (ikke et forslag):<\/strong> Fra <strong>24. februar 2026<\/strong>, DigiCert vil <strong>stop med at acceptere<\/strong> offentlige TLS-certifikatanmodninger med gyldighed <strong>mere end 199 dage<\/strong>, og certifikater udstedt fra denne dato har en <strong>Maksimal gyldighed p\u00e5 199 dage<\/strong>Dette er den praktiske overgang for mange operat\u00f8rer \u2013 fornyelseshastigheden \u00f8ges \u00f8jeblikkeligt.<\/li>\n<li><strong>K\u00f8replanen p\u00e5 200\u2192100\u219247 dage er allerede defineret:<\/strong> CA\/Browser Forum-grundkravene fasts\u00e6tter en gradvis reduktion: <strong>200 dage fra 15. marts 2026<\/strong>, <strong>100 dage fra 15. marts 2027<\/strong>, og <strong>47 dage fra 15. marts 2029<\/strong>.<\/li>\n<li><strong>CRA tilf\u00f8jer et compliance-ur:<\/strong> Regler for kreditvurderingsbureauets indberetning kr\u00e6ver <strong>tidlig varsling inden for 24 timer<\/strong>, <strong>fuld underretning inden for 72 timer<\/strong>og definerede endelige rapporteringsvinduer for aktivt udnyttede s\u00e5rbarheder og alvorlige h\u00e6ndelser.<\/li>\n<li><strong>Den st\u00f8rste skjulte risiko er ikke udl\u00f8b:<\/strong> Den systemiske fejltilstand er <strong>tillidsankerdrift<\/strong>\u2014\u00e6ndringer af roots\/intermediates\/cross-signing er ikke synkroniserede p\u00e5 tv\u00e6rs af EVSE, lokale controllere og backend-valideringsstier.<\/li>\n<li><strong>F\u00f8rste investering for at beskytte oppetiden:<\/strong> Systemstyret automatisering (ACME + lager + trinvis udrulning) plus <strong>kantkontinuitet<\/strong> (lokal validering\/caching, bevislogfiler og tidssynkroniseringsstyring).<\/li>\n<\/ul>\n<h2>Introduktion: 2026 g\u00f8r Plug &amp; Charge til et operationelt system<\/h2>\n<p>I 2026 stopper Plug &amp; Charge (P&amp;C) med at v\u00e6re en &quot;indstil-og-glem&quot;-funktion og bliver en <strong>kontinuerligt operativsystem<\/strong>.<br \/>\nISO 15118-tillidsplanet (PKI + TLS + tilbagekaldelse + opdateringer) er nu styret af tidslinjer, der ikke tolererer manuelle arbejdsgange.<\/p>\n<p>For at forst\u00e5 systemgr\u00e6nsen \u2013 hvad ISO 15118 er ansvarlig for vs. hvad OCPP er ansvarlig for \u2013 start med vores ledsagende artikel:<br \/>\n<a href=\"https:\/\/www.evb.com\/da\/iso-15118-ocpp-in-2026-real-world-deployment-pki-and-grid-readiness\/\">ISO 15118 vs. OCPP-implementeringsrealitet i 2026<\/a>.<\/p>\n<p>Det umiddelbare pres er <strong>TLS livscykluskomprimering<\/strong>Operationelt kan man ikke &quot;vente til marts&quot;.<br \/>\nDigiCert vil <strong>stop med at acceptere<\/strong> offentlige TLS-anmodninger, der overstiger <strong>199 dage<\/strong> starter <strong>24. februar 2026<\/strong>,<br \/>\nog certifikater udstedt fra den dag og fremefter vil have en <strong>Maksimal gyldighed p\u00e5 199 dage<\/strong>.<br \/>\nDigiCert understreger ogs\u00e5 en kritisk operationel detalje: den maksimalt tilladte gyldighed styres af <strong>udstedelsesdato<\/strong>, ikke n\u00e5r ordren afgives.<\/p>\n<p>Samtidig indf\u00f8rer EU&#039;s lov om cybermodstandsdygtighed (CRA) et andet ur: rapporteringsregler kr\u00e6ver<br \/>\n<strong>24-timers tidlig varsling<\/strong> og <strong>72-timers notifikation<\/strong> for aktivt udnyttede s\u00e5rbarheder og alvorlige h\u00e6ndelser, der p\u00e5virker produkter med digitale elementer.<\/p>\n<p>Denne vejledning fokuserer p\u00e5 arkitektur og risikostyring for drift af ISO 15118-certifikater under disse begr\u00e6nsninger.<\/p>\n<h2>Milep\u00e6le og n\u00f8dvendige handlinger for 2024-2026 (tekst Gantt)<\/h2>\n<table style=\"border-collapse: collapse; width: 100%;\" border=\"1\" cellspacing=\"0\" cellpadding=\"8\">\n<thead>\n<tr>\n<th>Vindue<\/th>\n<th>2024 H2<\/th>\n<th>1. halv\u00e5r 2025<\/th>\n<th>2025 H2<\/th>\n<th><strong>24. februar 2026<\/strong><\/th>\n<th><strong>15. marts 2026<\/strong><\/th>\n<th><strong>11. september 2026<\/strong><\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>Ekstern forandring<\/strong><\/td>\n<td>CA-overgangssignaler<\/td>\n<td>Pilotautomatisering<\/td>\n<td>\u00d8velser i tillidsanker<\/td>\n<td><strong>DigiCert 199-dages udstedelse begynder<\/strong><\/td>\n<td><strong>200-dages BR-loftfase begynder<\/strong><\/td>\n<td>CRA-rapporteringsforpligtelser aktive (if\u00f8lge vejledning)<\/td>\n<\/tr>\n<tr>\n<td><strong>Hvad skal man g\u00f8re<\/strong><\/td>\n<td>Lagerslutpunkter<\/td>\n<td>ACME-pilot + telemetri<\/td>\n<td>Offlinestrategi + udrulning af trust-store<\/td>\n<td>Frys manuelle fornyelsesstier<\/td>\n<td>Fuld systemstyrede fornyelser<\/td>\n<td>K\u00f8r CRA bord\u00f8velser + bevis\u00f8velser<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><strong>Operationel bem\u00e6rkning:<\/strong> Den 24. februar 2026 er ofte det virkelige skillepunkt, fordi udstedelsesadf\u00e6rden \u00e6ndrer sig for st\u00f8rre CA&#039;er.<\/p>\n<p><strong>Politikbem\u00e6rkning:<\/strong> De fasede levetidsreduktioner er defineret i basiskravene (200\/100\/47 dage).<\/p>\n<h2>Livscykluslandskabet: Klarg\u00f8ring \u2192 Drift \u2192 Fornyelse \u2192 Tilbagekaldelse<\/h2>\n<h3>Livscykluskort (hvad du skal kunne betjene)<\/h3>\n<ol>\n<li><strong>OEM-klarg\u00f8ring:<\/strong> N\u00f8gler genereret\/injiceret; tillidsrod etableret (HSM\/sikkert element).<\/li>\n<li><strong>Kontrakttilmelding:<\/strong> Kontraktcertifikater bundet til brugerkontrakter (\u00f8kosystemafh\u00e6ngige).<\/li>\n<li><strong>Idrifts\u00e6ttelse af EVSE:<\/strong> Der er etableret basislinjer for tillidslager, politikker og tidssynkroniseringsbasislinjer.<\/li>\n<li><strong>Operationel validering:<\/strong> TLS-handshakes, k\u00e6deopbygning, kontrol af tilbagekaldelser, h\u00e5ndh\u00e6velse af politikker.<\/li>\n<li><strong>Fornyelse \/ genudstedelse:<\/strong> Automatisering + gradvis udrulning + tilbagerulning.<\/li>\n<li><strong>Tilbagekaldelse \/ reaktion p\u00e5 h\u00e6ndelse:<\/strong> Kompromis\/misbrug af udstedelse\/udnyttelse \u2192 tilbagekald\/roter\/inddriv.<\/li>\n<li><strong>Genopretning og forsoning:<\/strong> Gendan tjenesten, samtidig med at revisionsbarhed og faktureringsintegritet bevares.<\/li>\n<\/ol>\n<h3>Det undervurderede fejlpunkt: Tillidsankerdrift<\/h3>\n<p>De fleste &quot;mystiske P&amp;C-fejl&quot; i multi-OEM-milj\u00f8er er ikke et enkelt udl\u00f8bet certifikat \u2013 de er<br \/>\n<strong>fejl i validering af stier<\/strong> for\u00e5rsaget af drift af tillidsanker:<\/p>\n<ul>\n<li>Nye r\u00f8dder\/mellemprodukter opst\u00e5r (multirodsvirkelighed).<\/li>\n<li><strong>Krydssignering<\/strong> \u00e6ndringer \u00e6ndrer gennemf\u00f8rlige k\u00e6der.<\/li>\n<li>Backend-trustlagre opdateres hurtigere end EVSE\/lokale controllere.<\/li>\n<li>Tilbagekaldelsesartefakter bliver for\u00e6ldede i kanten.<\/li>\n<\/ul>\n<p>Behandl opdateringer af tillidsankre som en sikkerhedskritisk \u00e6ndringsproces:<\/p>\n<ul>\n<li>Versionsbaserede tillidsbutikker<\/li>\n<li>Canary-udrulninger<\/li>\n<li>Tilbagerulningsplaner<\/li>\n<li>Telemetri ved valideringsfejl efter udsteder\/serienummer\/sti<\/li>\n<li>En eksplicit ejer af &quot;hvem opdaterer hvad, hvorn\u00e5r&quot;<\/li>\n<\/ul>\n<p><strong>Fejl i krydssignering og stiopbygning (virkelighed i 2026):<\/strong> I ISO 15118-\u00f8kosystemer med flere r\u00f8dder,<br \/>\nPlug &amp; Charge fejler ofte ikke fordi et certifikat er ugyldigt, men fordi EVSE&#039;en ikke kan bygge en gyldig<br \/>\n<strong>certifikatsti<\/strong> efter \u00e6ndringer i krydssignering (nye mellemprodukter, bro-CA&#039;er, genudstedte k\u00e6der).<br \/>\nEfterh\u00e5nden som flere OEM&#039;er og PKI-dom\u00e6ner tilslutter sig, \u00f8ges stikompleksiteten. Hvis edge trust-lagre (EVSE\/lokale controllere)<br \/>\nhalter bagefter backend-opdateringer, TLS-handshakes kan mislykkes, selv n\u00e5r backend-certifikater isoleret set virker &quot;gyldige&quot;.<\/p>\n<blockquote style=\"margin: 16px 0; padding: 12px 16px; border-left: 4px solid #ccc;\"><p><strong>Figur 1 (anbefalet visuel): Stivalidering i Multi-Root ISO 15118<\/strong><\/p>\n<p>(Vis V2G-rod \/ OEM-rod \/ kontraktrod, mellemliggende og krydstegnsbroer).<br \/>\nFremh\u00e6v hvor et nyligt krydssigneret mellemprodukt afbryder stiopbygning p\u00e5 EVSE, hvis tillidslagre ikke opdateres synkront.<\/p>\n<p><strong>Kernebudskab:<\/strong> De fleste P&amp;C-afbrydelser, der skyldes &quot;PKI&quot;, er faktisk <strong>fejl i validering af stier<\/strong> drevet af krydssigneringsdrift og usynkroniserede tillidslagre.<\/p><\/blockquote>\n<h2>ACME &amp; Automation: Menneskestyret vs. systemstyret under 199\/200 dages levetid<\/h2>\n<h3>Hvorfor manuel fornyelse bliver en deterministisk afbrydelsesgenerator<\/h3>\n<p>Korte levetider g\u00f8r fornyelser kontinuerlige. DigiCerts overgang til <strong>199 dage fra 24. februar 2026<\/strong><br \/>\ng\u00f8r dette operationelt med det samme for mange fl\u00e5der. Og den bredere tidslinje for branchen er allerede defineret:<br \/>\n<strong>200 dage<\/strong> (fra 15. marts 2026), derefter <strong>100 dage<\/strong>, s\u00e5 <strong>47 dage<\/strong>.<\/p>\n<p>For enhver fl\u00e5de skaleres fornyelsesbegivenheder som f\u00f8lger:<\/p>\n<pre style=\"background: #f6f8fa; padding: 12px; overflow: auto;\"><code>Fornyelsesbegivenheder pr. \u00e5r \u2248 N \u00d7 (365 \/ L)<\/code><\/pre>\n<p>Hvor <code>N<\/code> er antallet af TLS-slutpunkter og <code>L<\/code> er certifikatets levetid (dage).<br \/>\nSom <code>L<\/code> falder, bliver menneskeskabt fornyelse matematisk uforenelig med oppetidsm\u00e5l.<\/p>\n<h3>Scenarie (st\u00f8rrelsesindstilling p\u00e5 bestyrelsesniveau)<\/h3>\n<p>For en CPO, der opererer <strong>5.000 slutpunkter<\/strong>, en levetid p\u00e5 199 dage indeb\u00e6rer:<\/p>\n<pre style=\"background: #f6f8fa; padding: 12px; overflow: auto;\"><code>Fornyelsesbegivenheder\/\u00e5r \u2248 5000 \u00d7 (365 \/ 199) \u2248 9.171<\/code><\/pre>\n<p>I denne skala, selv en <strong>1% menneskelig fejlrate<\/strong> overs\u00e6ttes til omtrent<br \/>\n<strong>92 certifikatdrevne afbrydelser om \u00e5ret<\/strong>\u2014f\u00f8r der tages h\u00f8jde for p\u00e5virkningen i myldretiden,<br \/>\nSLA-b\u00f8der eller kaskaderende fejl p\u00e5 tv\u00e6rs af en hub.<\/p>\n<h3>ACME i ladenetv\u00e6rk: hvad det skal automatisere<\/h3>\n<p>ACME (Automated Certificate Management Environment) forvandler fornyelser til politikdrevne operationer for:<\/p>\n<ul>\n<li>EVSE \u2194 backend TLS<\/li>\n<li>Lokal controller \/ Edge Proxy TLS<\/li>\n<li>Site gateways og hub-controllere<\/li>\n<\/ul>\n<p><strong>Systemstyret arbejdsgang (arkitekturm\u00f8nster)<\/strong><\/p>\n<ol>\n<li><strong>Inventar<\/strong> hvert slutpunkt (udsteder, serienummer, k\u00e6de, udl\u00f8b, sidste rotation).<\/li>\n<li><strong>Forny-f\u00f8r-politik<\/strong> (forny ved en fast gr\u00e6nse, ikke &quot;n\u00e6r udl\u00f8b&quot;).<\/li>\n<li><strong>Hardware-backed n\u00f8gler<\/strong> hvor det er muligt; undg\u00e5 eksport af private n\u00f8gler.<\/li>\n<li><strong>Gradvis udrulning<\/strong> med sundhedstjek (h\u00e5ndtryk + godkendelse + sessionsstart).<\/li>\n<li><strong>Automatisk tilbagerulning<\/strong> p\u00e5 forh\u00f8jede fejlrater.<\/li>\n<li><strong>Bevislogge<\/strong> for hver udstedelse\/implementering (sporbarhed p\u00e5 compliance-niveau).<\/li>\n<\/ol>\n<p><strong>Menneskestyret vs. systemstyret<\/strong><\/p>\n<ul>\n<li>Menneskestyret: Sager, regneark, sene fornyelser, tvetydigt ejerskab, risikable n\u00f8d\u00e6ndringer.<\/li>\n<li>Systemstyret: Deterministiske politikker, automatiseret udstedelse, kontrolleret udrulning, kontinuerlig telemetri, reviderbar dokumentation.<\/li>\n<\/ul>\n<h2>Tilbagekaldelseskontroller: &quot;P&amp;C-dr\u00e6beren&quot; (CRL vs. OCSP, svage netv\u00e6rk og forsvarlige politikker)<\/h2>\n<h3>Hvorfor OCSP\/CRL fejler i garager og depoter<\/h3>\n<ul>\n<li>Svag\/intermitterende LTE\/5G<\/li>\n<li>Begr\u00e6nset udgang (firewalls\/captive portals)<\/li>\n<li>Latensf\u00f8lsomme valideringstrin<\/li>\n<li>Eksterne afh\u00e6ngigheder (OCSP-respondenter, CRL-distributionspunkter)<\/li>\n<\/ul>\n<p>Resultat: EVSE kan starte en session, men fuldf\u00f8res ikke <strong>tilbagekaldelsesvalidering<\/strong> p\u00e5lideligt.<\/p>\n<h3>CRL vs. OCSP: Praktiske afvejninger<\/h3>\n<ul>\n<li><strong>CRL:<\/strong> tungere downloads, men kan caches og opdateres til tiden (godt for kontinuitet i kanten).<\/li>\n<li><strong>OCSP:<\/strong> letv\u00e6gts pr. anmodning, men kr\u00e6ver ofte live tilg\u00e6ngelighed p\u00e5 den svageste kant.<\/li>\n<\/ul>\n<p>I 2026 er den korrekte kropsholdning lagdelt:<\/p>\n<ul>\n<li>Planlagt CRL-caching for robusthed<\/li>\n<li>OCSP hvor forbindelsen er p\u00e5lidelig<\/li>\n<li>Eksplicit politik for forringede forhold<\/li>\n<\/ul>\n<h3>Hvorfor &quot;soft fail&quot; bliver sv\u00e6rere at forsvare<\/h3>\n<p>Historisk set bevarede &quot;soft-fail&quot; (tillad session, hvis tilbagekaldelseskontroller har timeout) tilg\u00e6ngeligheden.<br \/>\nI 2026 bliver det sv\u00e6rere at retf\u00e6rdigg\u00f8re soft fail fordi:<\/p>\n<ul>\n<li>Levetiden er kortere (mindre tolerance over for for\u00e6ldede antagelser)<\/li>\n<li>CRA&#039;s rapporteringsur kr\u00e6ver st\u00e6rkere h\u00e6ndelsesdisciplin og bevisspor<\/li>\n<\/ul>\n<p>Et forsvarligt design kr\u00e6ver en eksplicit, dokumenteret politik:<\/p>\n<ul>\n<li><strong>H\u00e5rd fejl<\/strong> til offentlige\/h\u00f8jrisikomilj\u00f8er<\/li>\n<li><strong>N\u00e5de-med-bevis<\/strong> for lukkede fl\u00e5der (begr\u00e6nset vindue + kompenserende kontroller)<\/li>\n<li><strong>Bevislogning<\/strong> for hver eneste forringede beslutning<\/li>\n<\/ul>\n<h3>Arkitektoniske afb\u00f8dninger (m\u00f8nstre, ikke produktl\u00f8fter)<\/h3>\n<p><strong>M\u00f8nster 1: Forh\u00e5ndsvalidering af kant + caching<\/strong><\/p>\n<ul>\n<li>Cache-CRL&#039;er med definerede aktualitetsvinduer<\/li>\n<li>Cache-mellemprodukter og validerede k\u00e6der<\/li>\n<li>Forh\u00e5ndshentning i perioder med &quot;god forbindelse&quot;<\/li>\n<\/ul>\n<p><strong>M\u00f8nster 2: OCSP-h\u00e6ftning (hvor det er muligt)<\/strong><\/p>\n<p>OCSP-h\u00e6ftning flytter tilbagekaldelsesbevislevering v\u00e6k fra den svageste kant \u2013 hvilket reducerer live-afh\u00e6ngigheden af CA-infrastruktur under sessionsoprettelse.<\/p>\n<p><strong>Implementeringsnotat (indlejret virkelighed):<\/strong> I EVSE-milj\u00f8er skal du bekr\u00e6fte underst\u00f8ttelse af h\u00e6fterelaterede udvidelser.<br \/>\ni din integrerede TLS-stak og build-konfiguration (f.eks. mbedTLS, wolfSSL) og validere adf\u00e6rd p\u00e5 tv\u00e6rs af \u00e6ldre hardware,<br \/>\nfordi funktionsfuldst\u00e6ndighed og hukommelses-\/RTOS-begr\u00e6nsninger varierer.<\/p>\n<p><strong>M\u00f8nster 3: Multi-root trust governance<\/strong><\/p>\n<ul>\n<li>Samlet opdateringskanal for tillidslager til flere OEM-ankre<\/li>\n<li>Canary-opdateringer + rollback n\u00e5r der opst\u00e5r en stigning i fejl i stiopbygningen<\/li>\n<\/ul>\n<p><strong>M\u00f8nster 4: Tidssynkroniseringsstyring (ikke til forhandling)<\/strong><\/p>\n<ul>\n<li>NTP-politik (eller PTP, hvor det er relevant)<\/li>\n<li>Driftoverv\u00e5gning og alarmt\u00e6rskler<\/li>\n<li>Defineret adf\u00e6rd, n\u00e5r ure ikke er tillidsfulde<\/li>\n<\/ul>\n<h2>Offline-kontinuitet: holder Plug &amp; Charge brugbar under afbrydelser fra edge til cloud<\/h2>\n<h3>Hvad offline kontinuitet er (og ikke er)<\/h3>\n<p>Offline kontinuitet er ikke at &quot;omg\u00e5 PKI&quot;. Det er kontrolleret nedbrydning, der bevarer:<\/p>\n<ul>\n<li>N\u00f8glernes integritet og tillidsbutikker<\/li>\n<li>Revisionsmulighed for fakturering og h\u00e6ndelsesrespons<\/li>\n<li>Eksplicitte gr\u00e6nser for, hvad der kan valideres lokalt (og hvor l\u00e6nge)<\/li>\n<\/ul>\n<h3>Lokale controllere \/ Edge Proxies som tilg\u00e6ngelighedsprimitiver<\/h3>\n<ul>\n<li>Vedligehold lokale tillidscacher (ankre\/mellemprodukter\/CRL&#039;er)<\/li>\n<li>H\u00e5ndh\u00e6v begr\u00e6nsede lokale godkendelsespolitikker<\/li>\n<li>Bufferm\u00e5ling\/logfiler til senere afstemning<\/li>\n<li>Reducer WAN-eksplosionsradius ved at fungere som det lokale slutpunkt for EVSE<\/li>\n<\/ul>\n<blockquote style=\"margin: 16px 0; padding: 12px 16px; border-left: 4px solid #ccc;\"><p><strong>Figur 2 (anbefalet visuel): Edge Proxy som en trustcache p\u00e5 websteder med svagt netv\u00e6rk<\/strong><\/p>\n<p>(Viser EVSE&#039;er, der opretter forbindelse til en on-site Edge Proxy\/Local Controller. Proxy&#039;en vedligeholder cachelagrede tillidsankre\/mellemprodukter,<br \/>\nplanlagt CRL-opdatering, tidssynkroniseret overv\u00e5gning og bevislogfiler; den bufferer h\u00e6ndelser til cloud-CSMS\/PKI, n\u00e5r uplink er ustabilt.)<\/p>\n<p><strong>Kernebudskab:<\/strong> Edge-proxyer reducerer live-afh\u00e6ngigheden af eksterne OCSP\/CRL-slutpunkter og muligg\u00f8r kontrolleret offline-kontinuitet uden at omg\u00e5 PKI.<\/p><\/blockquote>\n<h2>CRA &amp; VMP: fra september 2026 rapporteringsfrister til en revisionsbar driftsmodel<\/h2>\n<h3>Regler for rapportering af kreditvurderingsbureauer: design til 24\/72 timer<\/h3>\n<p>Regler for rapportering af kreditvurderingsinstitutter kr\u00e6ver, at producenter anmelder aktivt udnyttede s\u00e5rbarheder og alvorlige h\u00e6ndelser, der har indflydelse<br \/>\nom sikkerheden af produkter med digitale elementer:<\/p>\n<ul>\n<li><strong>Tidlig advarsel inden for 24 timer<\/strong> at blive bevidst<\/li>\n<li><strong>Fuld besked inden for 72 timer<\/strong><\/li>\n<li><strong>Endelig rapport<\/strong> inden for definerede vinduer (afh\u00e6ngigt af h\u00e6ndelsesklasse)<\/li>\n<\/ul>\n<p>En omfattende Plug &amp; Charge-forstyrrelse for\u00e5rsaget af massetilbagekaldelse eller et kompromitteret trust-anker <strong>kan kvalificere sig<\/strong><br \/>\nsom en alvorlig h\u00e6ndelse afh\u00e6ngigt af p\u00e5virkning og beviser for udnyttelse.<\/p>\n<h3>S\u00e5rbarhedsstyringsproces (VMP): minimum levedygtige funktioner<\/h3>\n<ol>\n<li><strong>Fl\u00e5dens sandhed:<\/strong> aktiv + versionsinventar (EVSE-firmware, controller-billeder, trust store-versioner).<\/li>\n<li><strong>SBOM-integration (dynamisk):<\/strong> SBOM kortlagt til udrullelige artefakter; kontinuerlig korrelation med s\u00e5rbarhedsinformation.<\/li>\n<li><strong>VEX-drevet eksponeringsstyring:<\/strong> Vedligehold VEX-erkl\u00e6ringer for at skelne mellem &quot;til stede, men ikke udnyttelig&quot; og &quot;udnyttelig i vores implementering&quot;, hvilket muligg\u00f8r trov\u00e6rdig scoping inden for T+24h-vinduet.<\/li>\n<li><strong>Hvorfor VEX er vigtig under 24-timers uret:<\/strong> SBOM fort\u00e6ller dig, hvad der er til stede; VEX hj\u00e6lper dig med at bestemme, hvad der er <strong>udnyttelig<\/strong>, hvilket reducerer falske alarmer og forhindrer operationsteams i at jagte st\u00f8j, der ikke kan udnyttes.<\/li>\n<li><strong>Indtagelse og triage:<\/strong> leverand\u00f8rr\u00e5dgivning, CVE&#039;er, interne fund; prioriter udnyttelsesevne + eksponering.<\/li>\n<li><strong>T+24h scoping-arbejdsgang:<\/strong> SBOM + VEX + opg\u00f8relseskorrelation til identifikation af ber\u00f8rte populationer; indledende indd\u00e6mningsbeslutninger; evidensindsamling.<\/li>\n<li><strong>T+72h notifikationsworkflow:<\/strong> bekr\u00e6ftet omfang, afb\u00f8dninger, udrulning\/tilbagef\u00f8ringsplan, kommunikationsjournal.<\/li>\n<li><strong>Arbejdsgang i den endelige rapport:<\/strong> valideringsevidens + rod\u00e5rsag + forebyggelsesforbedringer efter tilg\u00e6ngelighed af korrigerende foranstaltninger.<\/li>\n<li><strong>Patch-kadenceteknik:<\/strong> Etappevis udrulning, rollback-planer, underskrevne artefakter, verifikationsportale.<\/li>\n<li><strong>H\u00e5ndh\u00e6velse af tillidsk\u00e6den:<\/strong> sikker opstart + sikre firmwareopdateringer; signeringsn\u00f8gler beskyttet i HSM\/sikre elementer.<\/li>\n<li><strong>Evidensbaseret logf\u00f8ring:<\/strong> Cert-h\u00e6ndelser, \u00e6ndringer i tillidslager, tilbagekaldelsesfejl, tilstand af tidssynkronisering.<\/li>\n<\/ol>\n<p><strong>H\u00f8jt alvorsniveau for tillid:<\/strong> Hvis tilbagekaldelsen udl\u00f8ses af en kompromitteret root- eller udstedende n\u00f8gle,<br \/>\nbehandle det som en tillidsh\u00e6ndelse af h\u00f8jeste alvorlighed, der kr\u00e6ver \u00f8jeblikkelig indd\u00e6mning og fl\u00e5deomfattende tillidsh\u00e5ndteringshandlinger,<br \/>\nog rapporteringsparathed tilpasset CRA-vurderingsmyndighederne afh\u00e6ngigt af effekt og udnyttelsesbeviser.<\/p>\n<h3>CRA-tjekliste til nedt\u00e6lling af h\u00e6ndelser (operationel skabelon)<\/h3>\n<h4>T+0 (Detektion \/ Opm\u00e6rksomhed)<\/h4>\n<ul>\n<li>Frys bevismateriale: logfiler, certifikath\u00e6ndelser, versioner af tillidslager, status for tidssynkronisering<\/li>\n<li>Identific\u00e9r ber\u00f8rte overflader: EVSE-firmware, lokale controllere, backend TLS-slutpunkter<\/li>\n<li>Kontakt PKI-udbyder\/backend-sikkerhedskontakt<\/li>\n<\/ul>\n<h4>T+24h (Tidlig varslingsberedskab)<\/h4>\n<ul>\n<li><strong>Kernem\u00e5l:<\/strong> Bruge <strong>SBOM + VEX + fl\u00e5debeholdning<\/strong> at bestemme den ber\u00f8rte befolkning og indsende en evidensbaseret tidlig varsling<\/li>\n<li>Beslut indd\u00e6mning: tilbagekald\/roter, tilbagerulning af trust-store, isolering af websted<\/li>\n<li>Udkast til tidlig varslingspakke: omfang, afb\u00f8dende foranstaltninger i gang, midlertidig holdning<\/li>\n<\/ul>\n<h4>T+72t (Fuld beredskab til notifikationer)<\/h4>\n<ul>\n<li>Bekr\u00e6ft ber\u00f8rte populationer efter region\/sted; angiv afhj\u00e6lpningsplan + udrulningsmetode<\/li>\n<li>Udarbejd kunde-\/operat\u00f8rkommunikation og eskaleringsrapport<\/li>\n<\/ul>\n<h4>Vindue for endelig rapport<\/h4>\n<ul>\n<li>Indsend endelig rapport i overensstemmelse med CRA-krav (tidspunktet afh\u00e6nger af h\u00e6ndelsesklasse)<\/li>\n<li>Beviser for validering efter reparation + erfaringer<\/li>\n<\/ul>\n<h2>Kvantificering af omkostninger og risici (skabeloner, du kan integrere i din fl\u00e5de)<\/h2>\n<h3>Manuel fornyelsesmodel for arbejdsomkostninger<\/h3>\n<p>Lade:<\/p>\n<ul>\n<li><code>N<\/code> = antal TLS-slutpunkter (EVSE + controllere + gateways + administrerede backend-noder)<\/li>\n<li><code>L<\/code> = cert levetid (dage)<\/li>\n<li><code>t<\/code> = menneskelig tid pr. fornyelse (timer)<\/li>\n<li><code>c<\/code> = fuldt lastet l\u00f8nomkostninger (USD\/time)<\/li>\n<\/ul>\n<pre style=\"background: #f6f8fa; padding: 12px; overflow: auto;\"><code>Arbejdsomkostning \u2248 N \u00d7 (365 \/ L) \u00d7 t \u00d7 c<\/code><\/pre>\n<h3>Risikomodel for nedbrud (udl\u00f8b eller mislykket implementering)<\/h3>\n<p>Lade:<\/p>\n<ul>\n<li><code>P_miss<\/code> = sandsynlighed for misset\/mislykket fornyelse pr. cyklus<\/li>\n<li><code>H_ned<\/code> = forventede nedetid i timer pr. h\u00e6ndelse<\/li>\n<li><code>C_time<\/code> = timebaseret forretningsp\u00e5virkning (tabt oms\u00e6tning, b\u00f8der, SLA-kreditter)<\/li>\n<\/ul>\n<pre style=\"background: #f6f8fa; padding: 12px; overflow: auto;\"><code>Omkostningsafbrydelse \u2248 P_miss \u00d7 H_down \u00d7 C_time<\/code><\/pre>\n<h2>Beslutningsvejledning: N\u00e5r online tilbagekaldelseskontroller mislykkes (OCSP\/CRL Timeout)<\/h2>\n<ol>\n<li><strong>Offentlig plads eller lukket fl\u00e5de\/depot?<\/strong>\n<ul>\n<li>Offentlig \u2192 foretr\u00e6kker <strong>H\u00e5rd fejl<\/strong> (eller strengt kontrolleret n\u00e5de kun med beviser + kompenserende kontroller)<\/li>\n<li>Fl\u00e5de\/depot \u2192 <strong>N\u00e5de-med-bevis<\/strong> kan v\u00e6re acceptabelt for begr\u00e6nsede vinduer<\/li>\n<\/ul>\n<\/li>\n<li><strong>Er netv\u00e6rkets p\u00e5lidelighed forudsigelig?<\/strong>\n<ul>\n<li>Ja \u2192 Online OCSP\/CRL + overv\u00e5gning<\/li>\n<li>Nej \u2192 <strong>Edge-forh\u00e5ndsvalidering + caching<\/strong> (CRL-opdateringsvinduer, cachelagrede k\u00e6der)<\/li>\n<\/ul>\n<\/li>\n<li><strong>Kan du reducere onlineafh\u00e6ngighed under sessionen?<\/strong>\n<ul>\n<li>Hvor det er muligt \u2192 vedtag <strong>OCSP h\u00e6ftem\u00f8nster<\/strong> (tryksikker t\u00e6ttere p\u00e5 kanten)<\/li>\n<\/ul>\n<\/li>\n<li><strong>Har I bevislogning + tidssynkroniseringsstyring?<\/strong>\n<ul>\n<li>Hvis ikke \u2192 reparer disse f\u00f8rst; degraderede politikker er sv\u00e6re at forsvare uden dem<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<h2>Praktisk ansvarsmatrix (gr\u00e6nser, der forhindrer str\u00f8mafbrydelser)<\/h2>\n<table style=\"border-collapse: collapse; width: 100%;\" border=\"1\" cellspacing=\"0\" cellpadding=\"8\">\n<thead>\n<tr>\n<th>Rolle<\/th>\n<th>Udstedelse<\/th>\n<th>Validering<\/th>\n<th>Rapportering<\/th>\n<th>Opdater kadence<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>CPO&#039;er<\/strong><\/td>\n<td>TLS\/identitetsstrategi; h\u00e5ndh\u00e6v automatisk fornyelse; vedligehold endpoint-lager; planl\u00e6g for CA-overf\u00f8rselsadf\u00e6rd (199-dages udstedelse fra 24. februar for DigiCert)<\/td>\n<td>Definer politik for hard\/soft-fail; aktualitet af tilbagekaldelsesartefakter; <strong>Tidssynkroniseringsstyring<\/strong> (NTP\/PTP, driftoverv\u00e5gning, alarmer)<\/td>\n<td>Drift af handlingsplaner for h\u00e6ndelser; fremme af rapporteringsparathed tilpasset CRA (24\/72 timer\/endelig)<\/td>\n<td>L\u00f8bende udl\u00f8bsoverv\u00e5gning; opdatering af trust-store; n\u00f8d\u00e6ndringer af trust-anker; tidssynkroniserede revisioner<\/td>\n<\/tr>\n<tr>\n<td><strong>EVSE OEM&#039;er<\/strong><\/td>\n<td>Hardwarebaseret n\u00f8glelagring; enhedsidentitetsstatus; automatiseringshooks; sikre opstarts-\/opdateringsprimitiver<\/td>\n<td>TLS-status; k\u00e6deopbygning; tilbagekaldelsesadf\u00e6rd; administration af trust-store; sikker opstart + sikker firmwareopdateringsk\u00e6de<\/td>\n<td>H\u00e5ndtering af produkts\u00e5rbarheder; r\u00e5dgivning; afhj\u00e6lpningspakker; support til operat\u00f8rrapportering med tekniske fakta<\/td>\n<td>Regelm\u00e6ssige udgivelser + n\u00f8dopdateringer; definerede supportvinduer; n\u00f8glerotationsh\u00e5ndb\u00f8ger<\/td>\n<\/tr>\n<tr>\n<td><strong>Backend \/ V2G PKI-udbydere<\/strong><\/td>\n<td>Udstedelse af kontrakt\u00f8kosystemer (hvor det er omfattet); CA\/RA-operationer; udstedelsespolitik<\/td>\n<td>Backend-validering; OCSP\/CRL-tilg\u00e6ngelighed; styring af tillidsanker<\/td>\n<td>Angiv fakta om h\u00e6ndelser\/s\u00e5rbarheder; st\u00f8t CRA&#039;s tidslinjedokumentationspakker<\/td>\n<td>Hyppige opdateringer af politikker\/trustankere; OCSP\/CRL-robusthedsteknik; l\u00f8bende overv\u00e5gning<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>Ordliste<\/h2>\n<ul>\n<li><strong>PKI:<\/strong> Offentlig n\u00f8gleinfrastruktur (udstedelse, validering, tillidsankre, tilbagekaldelse)<\/li>\n<li><strong>ACME:<\/strong> Automatiseret certifikatstyringsmilj\u00f8 (automatiseret udstedelse\/fornyelse)<\/li>\n<li><strong>OCSP \/ CRL:<\/strong> Online certifikatstatusprotokol \/ certifikattilbagekaldelsesliste<\/li>\n<li><strong>OCSP-h\u00e6ftning:<\/strong> Serveren fremviser bevis for tilbagekaldelse for at reducere afh\u00e6ngighed af live OCSP<\/li>\n<li><strong>Tillidsankre:<\/strong> Rod-\/mellemliggende certifikater, som dine validatorer har tillid til<\/li>\n<li><strong>SBOM:<\/strong> Software-materialeliste (komponentfortegnelse til vurdering af s\u00e5rbarheder)<\/li>\n<li><strong>VEX:<\/strong> S\u00e5rbarhed Udnyttelsesevne eXchange (statusudsagn om udnyttelsesevne)<\/li>\n<li><strong>TLS 1.3:<\/strong> Moderne TLS-profil; handshake + certifikatvalidering forbliver latenstidsf\u00f8lsom<\/li>\n<li><strong>VMP:<\/strong> S\u00e5rbarhedsh\u00e5ndteringsproces (indtagelse, triage, patching, rapportering, bevismateriale)<\/li>\n<\/ul>\n<h2>Fremadrettet risiko: Kryptoagilitet og PQC-beredskab<\/h2>\n<p>Mens 2026 er domineret af korte TLS-levetider og rapportering fra CRA&#039;er, b\u00f8r opladningsinfrastrukturer begynde at evalueres<br \/>\n<strong>krypto-agilitet<\/strong>Med langtidsholdbare aktiver (k\u00f8ret\u00f8jer og opladere) b\u00f8r arkitekturer undg\u00e5 hardware-l\u00e5sning ved at sikre<br \/>\nHSM\/sikre elementer og indlejrede stakke kan underst\u00f8tte fremtidige algoritme- og certifikatprofilopdateringer uden at kr\u00e6ve en hardwareopdatering.<\/p>\n<h2>Ofte stillede sp\u00f8rgsm\u00e5l<\/h2>\n<h3>Kan Plug &amp; Charge fungere offline?<\/h3>\n<p>Delvist \u2014 efter design. Offline P&amp;C er kontrolleret nedbrydning ved hj\u00e6lp af lokal tillids-caching (ankre\/mellemprodukter\/CRL&#039;er hvor det er muligt),<br \/>\neksplicitte grace-politikker og bufferede revisionslogfiler til afstemning. Den b\u00f8r ikke omg\u00e5 PKI; den b\u00f8r reducere afh\u00e6ngigheden af live cloud.<br \/>\nsamtidig med at integritet og revisionsbarhed bevares.<\/p>\n<h3>Hvor ofte skal vi forny certifikater med en levetid p\u00e5 under 199\/200 dage?<\/h3>\n<p>Planl\u00e6g flere fornyelsescyklusser pr. \u00e5r pr. slutpunkt. For mange operat\u00f8rer starter den operationelle overgang<br \/>\n<strong>24. februar 2026<\/strong> fordi DigiCert vil udstede offentlige TLS-certifikater med et maksimum <strong>199-dages<\/strong> gyldighed fra den dato.<br \/>\nP\u00e5 det bredere \u00f8kosystemniveau definerer basiskravene en gradvis reduktion til <strong>200\/100\/47 dage<\/strong>.<\/p>\n<h3>Hvad udl\u00f8ser CRA-indberetningsforpligtelser?<\/h3>\n<p>Regler for kreditvurderingsbureauets indberetning kr\u00e6ver <strong>24-timers tidlig varsling<\/strong> og <strong>72-timers notifikation<\/strong> for aktivt udnyttede s\u00e5rbarheder og alvorlige h\u00e6ndelser,<br \/>\nplus endelige rapporteringsvinduer. En omfattende forstyrrelse af P&amp;C-tillidsforholdet (f.eks. ondsindet tilbagekaldelse eller valideringskompromittering) kan v\u00e6re kvalificeret afh\u00e6ngigt af<br \/>\nbaseret p\u00e5 beviser for virkning og udnyttelse; en CRA-klar VMP b\u00f8r underst\u00f8tte <strong>SBOM + VEX + fl\u00e5debeholdning<\/strong> scoping inden for de f\u00f8rste 24 timer.<\/p>\n<\/article>","protected":false},"excerpt":{"rendered":"<p>TL;DR (Executive Action Summary) TLS cutover is a hard boundary (not a suggestion): From February 24, 2026, DigiCert will stop accepting public TLS certificate requests with validity greater than 199 days, and certificates issued from that date have a 199-day maximum validity. This is the practical cutover for many operators\u2014renewal velocity increases immediately. The 200\u2192100\u219247-day [&hellip;]<\/p>","protected":false},"author":3,"featured_media":37917,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[143,142,158,146,151,152,159,157,99,153,141,147,149,150,145,98,154,144,148,155,156],"class_list":["post-38532","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","tag-acme","tag-certificate-lifecycle","tag-cra-compliance","tag-crl","tag-cross-signing","tag-edge-proxy","tag-ev-charging-infrastructure-2026","tag-evse-security","tag-iso-15118","tag-local-controller","tag-ocsp","tag-ocsp-stapling","tag-offline-charging","tag-path-validation","tag-pki","tag-plug-charge","tag-sbom","tag-tls-1-3","tag-trust-anchors","tag-vex","tag-vulnerability-management"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>ISO 15118 Certificate Lifecycle Management in 2026 (TLS 199\/200-Day + CRA 24h\/72h)<\/title>\n<meta name=\"description\" content=\"Manage ISO 15118 certificates in 2026: 199\/200-day TLS renewals, ACME automation, revocation failures (OCSP\/CRL), offline Plug &amp; Charge, and CRA 24h\/72h reporting readiness.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.evb.com\/da\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/\" \/>\n<meta property=\"og:locale\" content=\"da_DK\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"ISO 15118 Certificate Lifecycle Management in 2026 (TLS 199\/200-Day + CRA 24h\/72h)\" \/>\n<meta property=\"og:description\" content=\"Manage ISO 15118 certificates in 2026: 199\/200-day TLS renewals, ACME automation, revocation failures (OCSP\/CRL), offline Plug &amp; Charge, and CRA 24h\/72h reporting readiness.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.evb.com\/da\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/\" \/>\n<meta property=\"og:site_name\" content=\"EVB\" \/>\n<meta property=\"article:published_time\" content=\"2026-01-12T07:13:14+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-01-16T12:39:19+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.evb.com\/wp-content\/uploads\/2025\/12\/EVB-4-Guns-480kw-dc-ev-charger-with-energy-storage-battery.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"721\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"evb\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Skrevet af\" \/>\n\t<meta name=\"twitter:data1\" content=\"evb\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimeret l\u00e6setid\" \/>\n\t<meta name=\"twitter:data2\" content=\"11 minutter\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":[\"Article\",\"BlogPosting\"],\"@id\":\"https:\\\/\\\/www.evb.com\\\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.evb.com\\\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\\\/\"},\"author\":{\"name\":\"evb\",\"@id\":\"https:\\\/\\\/www.evb.com\\\/#\\\/schema\\\/person\\\/fe8f0137976034abdfd2ae4f8c5682d0\"},\"headline\":\"ISO 15118 Certificate Lifecycle Management in 2026: From TLS Urgency to CRA Compliance\",\"datePublished\":\"2026-01-12T07:13:14+00:00\",\"dateModified\":\"2026-01-16T12:39:19+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.evb.com\\\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\\\/\"},\"wordCount\":2523,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.evb.com\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.evb.com\\\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.evb.com\\\/wp-content\\\/uploads\\\/2025\\\/12\\\/EVB-4-Guns-480kw-dc-ev-charger-with-energy-storage-battery.webp\",\"keywords\":[\"ACME\",\"Certificate Lifecycle\",\"CRA Compliance\",\"CRL\",\"Cross-signing\",\"Edge Proxy\",\"EV Charging Infrastructure 2026\",\"EVSE Security\",\"ISO 15118\",\"Local Controller\",\"OCSP\",\"OCSP Stapling\",\"Offline Charging\",\"Path Validation\",\"PKI\",\"Plug &amp; Charge\",\"SBOM\",\"TLS 1.3\",\"Trust Anchors\",\"VEX\",\"Vulnerability Management\"],\"articleSection\":[\"Blog\"],\"inLanguage\":\"da-DK\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.evb.com\\\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.evb.com\\\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\\\/\",\"url\":\"https:\\\/\\\/www.evb.com\\\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\\\/\",\"name\":\"ISO 15118 Certificate Lifecycle Management in 2026 (TLS 199\\\/200-Day + CRA 24h\\\/72h)\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.evb.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.evb.com\\\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.evb.com\\\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.evb.com\\\/wp-content\\\/uploads\\\/2025\\\/12\\\/EVB-4-Guns-480kw-dc-ev-charger-with-energy-storage-battery.webp\",\"datePublished\":\"2026-01-12T07:13:14+00:00\",\"dateModified\":\"2026-01-16T12:39:19+00:00\",\"description\":\"Manage ISO 15118 certificates in 2026: 199\\\/200-day TLS renewals, ACME automation, revocation failures (OCSP\\\/CRL), offline Plug & Charge, and CRA 24h\\\/72h reporting readiness.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.evb.com\\\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\\\/#breadcrumb\"},\"inLanguage\":\"da-DK\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.evb.com\\\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"da-DK\",\"@id\":\"https:\\\/\\\/www.evb.com\\\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.evb.com\\\/wp-content\\\/uploads\\\/2025\\\/12\\\/EVB-4-Guns-480kw-dc-ev-charger-with-energy-storage-battery.webp\",\"contentUrl\":\"https:\\\/\\\/www.evb.com\\\/wp-content\\\/uploads\\\/2025\\\/12\\\/EVB-4-Guns-480kw-dc-ev-charger-with-energy-storage-battery.webp\",\"width\":1280,\"height\":721,\"caption\":\"EVB 4 Guns 480kw dc ev charger with energy storage battery\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.evb.com\\\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.evb.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"ISO 15118 Certificate Lifecycle Management in 2026: From TLS Urgency to CRA Compliance\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.evb.com\\\/#website\",\"url\":\"https:\\\/\\\/www.evb.com\\\/\",\"name\":\"EVB\",\"description\":\"Smart EV Charging &amp; Energy Storage Solutions\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.evb.com\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.evb.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"da-DK\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.evb.com\\\/#organization\",\"name\":\"EVB\",\"url\":\"https:\\\/\\\/www.evb.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"da-DK\",\"@id\":\"https:\\\/\\\/www.evb.com\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.evb.com\\\/wp-content\\\/uploads\\\/2021\\\/03\\\/evb-3.png\",\"contentUrl\":\"https:\\\/\\\/www.evb.com\\\/wp-content\\\/uploads\\\/2021\\\/03\\\/evb-3.png\",\"width\":605,\"height\":626,\"caption\":\"EVB\"},\"image\":{\"@id\":\"https:\\\/\\\/www.evb.com\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.evb.com\\\/#\\\/schema\\\/person\\\/fe8f0137976034abdfd2ae4f8c5682d0\",\"name\":\"evb\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"da-DK\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/6919cc4e91e3745783933e1263b15b0bed21b5e46f2b1e21643aa8b29240d0f7?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/6919cc4e91e3745783933e1263b15b0bed21b5e46f2b1e21643aa8b29240d0f7?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/6919cc4e91e3745783933e1263b15b0bed21b5e46f2b1e21643aa8b29240d0f7?s=96&d=mm&r=g\",\"caption\":\"evb\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"ISO 15118 Certificate Lifecycle Management in 2026 (TLS 199\/200-Day + CRA 24h\/72h)","description":"Manage ISO 15118 certificates in 2026: 199\/200-day TLS renewals, ACME automation, revocation failures (OCSP\/CRL), offline Plug & Charge, and CRA 24h\/72h reporting readiness.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.evb.com\/da\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/","og_locale":"da_DK","og_type":"article","og_title":"ISO 15118 Certificate Lifecycle Management in 2026 (TLS 199\/200-Day + CRA 24h\/72h)","og_description":"Manage ISO 15118 certificates in 2026: 199\/200-day TLS renewals, ACME automation, revocation failures (OCSP\/CRL), offline Plug & Charge, and CRA 24h\/72h reporting readiness.","og_url":"https:\/\/www.evb.com\/da\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/","og_site_name":"EVB","article_published_time":"2026-01-12T07:13:14+00:00","article_modified_time":"2026-01-16T12:39:19+00:00","og_image":[{"width":1280,"height":721,"url":"https:\/\/www.evb.com\/wp-content\/uploads\/2025\/12\/EVB-4-Guns-480kw-dc-ev-charger-with-energy-storage-battery.webp","type":"image\/webp"}],"author":"evb","twitter_card":"summary_large_image","twitter_misc":{"Skrevet af":"evb","Estimeret l\u00e6setid":"11 minutter"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":["Article","BlogPosting"],"@id":"https:\/\/www.evb.com\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/#article","isPartOf":{"@id":"https:\/\/www.evb.com\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/"},"author":{"name":"evb","@id":"https:\/\/www.evb.com\/#\/schema\/person\/fe8f0137976034abdfd2ae4f8c5682d0"},"headline":"ISO 15118 Certificate Lifecycle Management in 2026: From TLS Urgency to CRA Compliance","datePublished":"2026-01-12T07:13:14+00:00","dateModified":"2026-01-16T12:39:19+00:00","mainEntityOfPage":{"@id":"https:\/\/www.evb.com\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/"},"wordCount":2523,"commentCount":0,"publisher":{"@id":"https:\/\/www.evb.com\/#organization"},"image":{"@id":"https:\/\/www.evb.com\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/#primaryimage"},"thumbnailUrl":"https:\/\/www.evb.com\/wp-content\/uploads\/2025\/12\/EVB-4-Guns-480kw-dc-ev-charger-with-energy-storage-battery.webp","keywords":["ACME","Certificate Lifecycle","CRA Compliance","CRL","Cross-signing","Edge Proxy","EV Charging Infrastructure 2026","EVSE Security","ISO 15118","Local Controller","OCSP","OCSP Stapling","Offline Charging","Path Validation","PKI","Plug &amp; Charge","SBOM","TLS 1.3","Trust Anchors","VEX","Vulnerability Management"],"articleSection":["Blog"],"inLanguage":"da-DK","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.evb.com\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.evb.com\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/","url":"https:\/\/www.evb.com\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/","name":"ISO 15118 Certificate Lifecycle Management in 2026 (TLS 199\/200-Day + CRA 24h\/72h)","isPartOf":{"@id":"https:\/\/www.evb.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.evb.com\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/#primaryimage"},"image":{"@id":"https:\/\/www.evb.com\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/#primaryimage"},"thumbnailUrl":"https:\/\/www.evb.com\/wp-content\/uploads\/2025\/12\/EVB-4-Guns-480kw-dc-ev-charger-with-energy-storage-battery.webp","datePublished":"2026-01-12T07:13:14+00:00","dateModified":"2026-01-16T12:39:19+00:00","description":"Manage ISO 15118 certificates in 2026: 199\/200-day TLS renewals, ACME automation, revocation failures (OCSP\/CRL), offline Plug & Charge, and CRA 24h\/72h reporting readiness.","breadcrumb":{"@id":"https:\/\/www.evb.com\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/#breadcrumb"},"inLanguage":"da-DK","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.evb.com\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/"]}]},{"@type":"ImageObject","inLanguage":"da-DK","@id":"https:\/\/www.evb.com\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/#primaryimage","url":"https:\/\/www.evb.com\/wp-content\/uploads\/2025\/12\/EVB-4-Guns-480kw-dc-ev-charger-with-energy-storage-battery.webp","contentUrl":"https:\/\/www.evb.com\/wp-content\/uploads\/2025\/12\/EVB-4-Guns-480kw-dc-ev-charger-with-energy-storage-battery.webp","width":1280,"height":721,"caption":"EVB 4 Guns 480kw dc ev charger with energy storage battery"},{"@type":"BreadcrumbList","@id":"https:\/\/www.evb.com\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.evb.com\/"},{"@type":"ListItem","position":2,"name":"ISO 15118 Certificate Lifecycle Management in 2026: From TLS Urgency to CRA Compliance"}]},{"@type":"WebSite","@id":"https:\/\/www.evb.com\/#website","url":"https:\/\/www.evb.com\/","name":"EVB","description":"Smart EV Charging &amp; Energy Storage Solutions","publisher":{"@id":"https:\/\/www.evb.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.evb.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"da-DK"},{"@type":"Organization","@id":"https:\/\/www.evb.com\/#organization","name":"EVB","url":"https:\/\/www.evb.com\/","logo":{"@type":"ImageObject","inLanguage":"da-DK","@id":"https:\/\/www.evb.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.evb.com\/wp-content\/uploads\/2021\/03\/evb-3.png","contentUrl":"https:\/\/www.evb.com\/wp-content\/uploads\/2021\/03\/evb-3.png","width":605,"height":626,"caption":"EVB"},"image":{"@id":"https:\/\/www.evb.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.evb.com\/#\/schema\/person\/fe8f0137976034abdfd2ae4f8c5682d0","name":"evb","image":{"@type":"ImageObject","inLanguage":"da-DK","@id":"https:\/\/secure.gravatar.com\/avatar\/6919cc4e91e3745783933e1263b15b0bed21b5e46f2b1e21643aa8b29240d0f7?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/6919cc4e91e3745783933e1263b15b0bed21b5e46f2b1e21643aa8b29240d0f7?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/6919cc4e91e3745783933e1263b15b0bed21b5e46f2b1e21643aa8b29240d0f7?s=96&d=mm&r=g","caption":"evb"}}]}},"_links":{"self":[{"href":"https:\/\/www.evb.com\/da\/wp-json\/wp\/v2\/posts\/38532","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.evb.com\/da\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.evb.com\/da\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.evb.com\/da\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.evb.com\/da\/wp-json\/wp\/v2\/comments?post=38532"}],"version-history":[{"count":5,"href":"https:\/\/www.evb.com\/da\/wp-json\/wp\/v2\/posts\/38532\/revisions"}],"predecessor-version":[{"id":38581,"href":"https:\/\/www.evb.com\/da\/wp-json\/wp\/v2\/posts\/38532\/revisions\/38581"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.evb.com\/da\/wp-json\/wp\/v2\/media\/37917"}],"wp:attachment":[{"href":"https:\/\/www.evb.com\/da\/wp-json\/wp\/v2\/media?parent=38532"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.evb.com\/da\/wp-json\/wp\/v2\/categories?post=38532"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.evb.com\/da\/wp-json\/wp\/v2\/tags?post=38532"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}