{"id":38532,"date":"2026-01-12T15:13:14","date_gmt":"2026-01-12T07:13:14","guid":{"rendered":"https:\/\/www.evb.com\/?p=38532"},"modified":"2026-01-16T20:39:19","modified_gmt":"2026-01-16T12:39:19","slug":"iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance","status":"publish","type":"post","link":"https:\/\/www.evb.com\/ro\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/","title":{"rendered":"Managementul ciclului de via\u021b\u0103 al certificatului ISO 15118 \u00een 2026: De la urgen\u021ba TLS la conformitatea CRA"},"content":{"rendered":"<article>\n<div class=\"mceTemp\"><\/div>\n<figure id=\"attachment_36118\" aria-describedby=\"caption-attachment-36118\" style=\"width: 635px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-36118\" title=\"Prezentare general\u0103 a liniei de produse de \u00eenc\u0103rcare \u0219i stocare a energiei EVB\" src=\"https:\/\/www.evb.com\/wp-content\/uploads\/2025\/11\/20251119-212027.jpeg\" alt=\"Portofoliul EVB de \u00eenc\u0103rc\u0103toare EV AC \u0219i DC \u0219i sisteme comerciale de stocare a energiei\" width=\"635\" height=\"397\" srcset=\"https:\/\/www.evb.com\/wp-content\/uploads\/2025\/11\/20251119-212027.jpeg 2560w, https:\/\/www.evb.com\/wp-content\/uploads\/2025\/11\/20251119-212027-1536x960.jpeg 1536w, https:\/\/www.evb.com\/wp-content\/uploads\/2025\/11\/20251119-212027-2048x1280.jpeg 2048w, https:\/\/www.evb.com\/wp-content\/uploads\/2025\/11\/20251119-212027-18x12.jpeg 18w, https:\/\/www.evb.com\/wp-content\/uploads\/2025\/11\/20251119-212027-600x375.jpeg 600w, https:\/\/www.evb.com\/wp-content\/uploads\/2025\/11\/20251119-212027-768x480.jpeg 768w\" sizes=\"auto, (max-width: 635px) 100vw, 635px\" \/><figcaption id=\"caption-attachment-36118\" class=\"wp-caption-text\"><a href=\"https:\/\/www.evb.com\/ro\/\">EVB ofer\u0103 o gam\u0103 complet\u0103 de \u00eenc\u0103rc\u0103toare EV AC \u0219i DC<\/a><\/figcaption><\/figure>\n<h2>TL;DR (Rezumatul Ac\u021biunilor Executive)<\/h2>\n<ul>\n<li><strong>Transi\u021bia TLS este o limit\u0103 rigid\u0103 (nu o sugestie):<\/strong> Din <strong>24 februarie 2026<\/strong>, DigiCert va <strong>nu mai accepta<\/strong> cereri de certificate TLS publice cu validitate <strong>mai mult de 199 de zile<\/strong>, iar certificatele emise de la acea dat\u0103 au o <strong>Valabilitate maxim\u0103 de 199 de zile<\/strong>Aceasta este tranzi\u021bia practic\u0103 pentru mul\u021bi operatori - viteza de re\u00eennoire cre\u0219te imediat.<\/li>\n<li><strong>Foaia de parcurs de 200\u2192100\u219247 de zile este deja definit\u0103:<\/strong> Cerin\u021bele de baz\u0103 ale CA\/Browser Forum au stabilit o reducere etapizat\u0103: <strong>200 de zile de la 15 martie 2026<\/strong>, <strong>100 de zile de la 15 martie 2027<\/strong>\u0219i <strong>47 de zile de la 15 martie 2029<\/strong>.<\/li>\n<li><strong>ARC adaug\u0103 un ceas de conformitate:<\/strong> Regulile de raportare ale ARC impun <strong>avertizare timpurie \u00een termen de 24 de ore<\/strong>, <strong>notificare complet\u0103 \u00een termen de 72 de ore<\/strong>\u0219i a definit ferestre de raportare final\u0103 pentru vulnerabilit\u0103\u021bile exploatate activ \u0219i incidentele severe.<\/li>\n<li><strong>Principalul risc ascuns nu este expirarea:<\/strong> Modul de defec\u021biune sistemic\u0103 este <strong>deriv\u0103 a ancorei de \u00eencredere<\/strong>\u2014modific\u0103rile r\u0103d\u0103cinilor\/intermediarilor\/semn\u0103rilor \u00eencruci\u0219ate nu sunt sincronizate \u00eentre EVSE, controlerele locale \u0219i c\u0103ile de validare backend.<\/li>\n<li><strong>Prima investi\u021bie pentru protejarea timpului de func\u021bionare:<\/strong> Automatizare condus\u0103 de sistem (ACME + inventar + implementare etapizat\u0103) plus <strong>continuitatea muchiei<\/strong> (validare\/memorare \u00een cache local\u0103, jurnale de eviden\u021b\u0103 \u0219i guvernan\u021b\u0103 a sincroniz\u0103rii temporale).<\/li>\n<\/ul>\n<h2>Introducere: 2026 transform\u0103 Plug &amp; Charge \u00eentr-un sistem opera\u021bional<\/h2>\n<p>\u00cen 2026, func\u021bia Plug &amp; Charge (P&amp;C) nu va mai fi o func\u021bie de tip \u201eseteaz\u0103 \u0219i uit\u0103\u201d \u0219i va deveni o <strong>sistem de operare continuu<\/strong>.<br \/>\nPlanul de \u00eencredere ISO 15118 (PKI + TLS + revocare + actualiz\u0103ri) este acum guvernat de cronologii care nu tolereaz\u0103 fluxuri de lucru manuale.<\/p>\n<p>Pentru a \u00een\u021belege limitele sistemului - pentru ce este responsabil ISO 15118 vs. pentru ce este responsabil OCPP - \u00eencepe\u021bi cu articolul nostru \u00eenso\u021bitor:<br \/>\n<a href=\"https:\/\/www.evb.com\/ro\/iso-15118-ocpp-in-2026-real-world-deployment-pki-and-grid-readiness\/\">Realitatea implement\u0103rii ISO 15118 vs. OCPP \u00een 2026<\/a>.<\/p>\n<p>Presiunea imediat\u0103 este <strong>Compresia ciclului de via\u021b\u0103 TLS<\/strong>Din punct de vedere opera\u021bional, nu po\u021bi \u201ea\u0219tepta p\u00e2n\u0103 \u00een martie\u201d.<br \/>\nDigiCert va <strong>nu mai accepta<\/strong> cererile TLS publice dep\u0103\u0219esc <strong>199 de zile<\/strong> pornire <strong>24 februarie 2026<\/strong>,<br \/>\n\u0219i certificatele emise \u00eencep\u00e2nd cu acea zi vor avea un <strong>Valabilitate maxim\u0103 de 199 de zile<\/strong>.<br \/>\nDigiCert subliniaz\u0103, de asemenea, un detaliu opera\u021bional critic: validitatea maxim\u0103 permis\u0103 este guvernat\u0103 de <strong>data emiterii<\/strong>, nu atunci c\u00e2nd este plasat\u0103 comanda.<\/p>\n<p>\u00cen acela\u0219i timp, Legea UE privind rezilien\u021ba cibernetic\u0103 (CRA) introduce un al doilea ceas: normele de raportare impun<br \/>\n<strong>Avertizare timpurie de 24 de ore<\/strong> \u015fi <strong>Notificare cu 72 de ore \u00eenainte<\/strong> pentru vulnerabilit\u0103\u021bi exploatate activ \u0219i incidente severe care afecteaz\u0103 produsele cu elemente digitale.<\/p>\n<p>Acest ghid se concentreaz\u0103 pe arhitectura \u0219i controalele de risc pentru operarea certificatelor ISO 15118 \u00een cadrul acestor constr\u00e2ngeri.<\/p>\n<h2>Repere \u0219i ac\u021biuni necesare pentru perioada 2024\u20132026 (Gantt \u00een format text)<\/h2>\n<table style=\"border-collapse: collapse; width: 100%;\" border=\"1\" cellspacing=\"0\" cellpadding=\"8\">\n<thead>\n<tr>\n<th>Fereastr\u0103<\/th>\n<th>S2 2024<\/th>\n<th>S1 2025<\/th>\n<th>S2 2025<\/th>\n<th><strong>24 februarie 2026<\/strong><\/th>\n<th><strong>15 martie 2026<\/strong><\/th>\n<th><strong>11 septembrie 2026<\/strong><\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>Schimbare extern\u0103<\/strong><\/td>\n<td>Semnale de tranzi\u021bie CA<\/td>\n<td>Automatizare pilot<\/td>\n<td>Burghie de ancorare Trust<\/td>\n<td><strong>\u00cencepe emiterea DigiCert \u00een 199 de zile<\/strong><\/td>\n<td><strong>\u00cencepe faza de plafonare a BR de 200 de zile<\/strong><\/td>\n<td>Obliga\u021bii de raportare ARC active (conform ghidului)<\/td>\n<\/tr>\n<tr>\n<td><strong>Ce s\u0103 fac<\/strong><\/td>\n<td>Puncte finale de inventar<\/td>\n<td>Pilot ACME + telemetrie<\/td>\n<td>Strategie offline + lansare de tip trust-store<\/td>\n<td>\u00cenghe\u021barea c\u0103ilor de re\u00eennoire manual\u0103<\/td>\n<td>Re\u00eennoiri complete conduse de sistem<\/td>\n<td>Efectua\u021bi exerci\u021bii de simulare CRA + dovezi<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><strong>Not\u0103 opera\u021bional\u0103:<\/strong> 24 februarie 2026 este adesea adev\u0103ratul punct de tranzi\u021bie, deoarece comportamentul de emitere se schimb\u0103 atunci pentru autorit\u0103\u021bile competente majore.<\/p>\n<p><strong>Not\u0103 privind politica:<\/strong> Reducerile fazate ale duratei de via\u021b\u0103 sunt definite \u00een Cerin\u021bele de baz\u0103 (200\/100\/47 de zile).<\/p>\n<h2>Peisajul ciclului de via\u021b\u0103: Aprovizionare \u2192 Operare \u2192 Re\u00eennoire \u2192 Revocare<\/h2>\n<h3>Harta ciclului de via\u021b\u0103 (ce trebuie s\u0103 po\u021bi opera)<\/h3>\n<ol>\n<li><strong>Aprovizionare OEM:<\/strong> Chei generate\/injectate; r\u0103d\u0103cina de \u00eencredere stabilit\u0103 (HSM\/element securizat).<\/li>\n<li><strong>\u00censcrierea contractului:<\/strong> Certificate contractuale legate de contractele utilizatorilor (dependente de ecosistem).<\/li>\n<li><strong>Punere \u00een func\u021biune EVSE:<\/strong> Au fost stabilite niveluri de referin\u021b\u0103 pentru depozitele de \u00eencredere, politici \u0219i niveluri de referin\u021b\u0103 pentru sincronizarea temporal\u0103.<\/li>\n<li><strong>Validare opera\u021bional\u0103:<\/strong> Str\u00e2ngeri de m\u00e2n\u0103 TLS, construire de lan\u021buri, verificare a revoc\u0103rilor, aplicarea politicilor.<\/li>\n<li><strong>Re\u00eennoire \/ reemitere:<\/strong> Automatizare + implementare etapizat\u0103 + revenire la versiunea ini\u021bial\u0103.<\/li>\n<li><strong>Revocare \/ r\u0103spuns la incident:<\/strong> Compromis\/emitere gre\u0219it\u0103\/exploatare \u2192 revocare\/rotire\/recuperare.<\/li>\n<li><strong>Recuperare \u0219i reconciliere:<\/strong> Restaura\u021bi serviciul, p\u0103str\u00e2nd \u00een acela\u0219i timp auditabilitatea \u0219i integritatea factur\u0103rii.<\/li>\n<\/ol>\n<h3>Punctul de e\u0219ec subestimat: Deriva ancorei \u00eencrederii<\/h3>\n<p>Majoritatea \u201eerorilor misterioase ale P&amp;C\u201d din mediile multi-OEM nu sunt cauzate de un singur certificat expirat - sunt<br \/>\n<strong>e\u0219ecuri de validare a c\u0103ii<\/strong> cauzat\u0103 de devia\u021bia ancorei de \u00eencredere:<\/p>\n<ul>\n<li>Apar noi r\u0103d\u0103cini\/intermediari (realitate cu mai multe r\u0103d\u0103cini).<\/li>\n<li><strong>Semnarea \u00eencruci\u0219at\u0103<\/strong> modific\u0103rile modific\u0103 lan\u021burile fezabile.<\/li>\n<li>Stocurile de \u00eencredere backend se actualizeaz\u0103 mai rapid dec\u00e2t EVSE\/controlerele locale.<\/li>\n<li>Artefactele de revocare devin \u00eenvechite la margine.<\/li>\n<\/ul>\n<p>Trata\u021bi actualiz\u0103rile ancorei de \u00eencredere ca pe un proces de schimbare critic pentru siguran\u021b\u0103:<\/p>\n<ul>\n<li>Depozite de \u00eencredere versionate<\/li>\n<li>Lans\u0103ri Canary<\/li>\n<li>Planuri de revenire<\/li>\n<li>Telemetrie privind e\u0219ecurile de validare dup\u0103 emitent\/serie\/cale<\/li>\n<li>Un proprietar explicit pentru \u201ecine actualizeaz\u0103 ce, c\u00e2nd\u201d<\/li>\n<\/ul>\n<p><strong>E\u0219ecuri \u00een ceea ce prive\u0219te semnarea \u00eencruci\u0219at\u0103 \u0219i construirea de trasee (realitatea anului 2026):<\/strong> \u00cen ecosistemele ISO 15118 cu mai multe r\u0103d\u0103cini,<br \/>\nFunc\u021bia Plug &amp; Charge e\u0219ueaz\u0103 adesea nu pentru c\u0103 un certificat este invalid, ci pentru c\u0103 EVSE nu poate construi unul valid.<br \/>\n<strong>calea certificatului<\/strong> dup\u0103 modific\u0103rile aduse semn\u0103rii \u00eencruci\u0219ate (intermediari noi, autorit\u0103\u021bi de certificare punte, lan\u021buri reemise).<br \/>\nPe m\u0103sur\u0103 ce mai mul\u021bi produc\u0103tori de echipamente originale (OEM) \u0219i domenii PKI se al\u0103tur\u0103, complexitatea c\u0103ii cre\u0219te. Dac\u0103 depozitele de \u00eencredere de la margine (EVSE\/controlere locale)<br \/>\nDin cauza \u00eent\u00e2rzierilor fa\u021b\u0103 de actualiz\u0103rile backend, handshake-urile TLS pot e\u0219ua chiar \u0219i atunci c\u00e2nd certificatele backend par \u201evalide\u201d \u00een mod izolat.<\/p>\n<blockquote style=\"margin: 16px 0; padding: 12px 16px; border-left: 4px solid #ccc;\"><p><strong>Figura 1 (Imagistic\u0103 recomandat\u0103): Validarea c\u0103ii \u00een ISO 15118 cu r\u0103d\u0103cini multiple<\/strong><\/p>\n<p>(Afi\u0219a\u021bi r\u0103d\u0103cina V2G \/ r\u0103d\u0103cina OEM \/ r\u0103d\u0103cina contractual\u0103, intermediarii \u0219i pun\u021bile cu semn \u00eencruci\u0219at.)<br \/>\nEviden\u021bia\u021bi unde un intermediar nou semnat \u00eencruci\u0219at \u00eentrerupe construirea c\u0103ii pe EVSE dac\u0103 depozitele de \u00eencredere nu sunt actualizate sincronizat.<\/p>\n<p><strong>Mesajul principal:<\/strong> Majoritatea \u00eentreruperilor P&amp;C atribuite \u201ePKI\u201d sunt de fapt <strong>e\u0219ecuri de validare a c\u0103ii<\/strong> determinat\u0103 de driftul semn\u0103rilor \u00eencruci\u0219ate \u0219i depozitele de \u00eencredere nesincronizate.<\/p><\/blockquote>\n<h2>ACME \u0219i automatizare: condus de om vs. condus de sistem cu durate de via\u021b\u0103 de 199\/200 de zile<\/h2>\n<h3>De ce re\u00eennoirea manual\u0103 devine un generator determinist de \u00eentreruperi<\/h3>\n<p>Duratele de via\u021b\u0103 scurte fac ca re\u00eennoirile s\u0103 fie continue. Trecerea DigiCert c\u0103tre <strong>199 de zile de la 24 februarie 2026<\/strong><br \/>\nface ca acest lucru s\u0103 fie opera\u021bional imediat pentru multe flote. Iar calendarul mai larg al industriei este deja definit:<br \/>\n<strong>200 de zile<\/strong> (din 15 martie 2026), apoi <strong>100 de zile<\/strong>, apoi <strong>47 de zile<\/strong>.<\/p>\n<p>Pentru orice flot\u0103, evenimentele de re\u00eennoire se scaleaz\u0103 dup\u0103 cum urmeaz\u0103:<\/p>\n<pre style=\"background: #f6f8fa; padding: 12px; overflow: auto;\"><code>Evenimente de re\u00eennoire pe an \u2248 N \u00d7 (365 \/ L)<\/code><\/pre>\n<p>Unde <code>N<\/code> este num\u0103rul de puncte finale TLS \u0219i <code>L.<\/code> este durata de via\u021b\u0103 a certificatului (zile).<br \/>\nCa <code>L.<\/code> scade, re\u00eennoirea condus\u0103 de oameni devine matematic incompatibil\u0103 cu obiectivele de disponibilitate.<\/p>\n<h3>Scenariu (dimensionare la nivel de plac\u0103)<\/h3>\n<p>Pentru un CPO care opereaz\u0103 <strong>5.000 de puncte finale<\/strong>, o durat\u0103 de via\u021b\u0103 de 199 de zile implic\u0103:<\/p>\n<pre style=\"background: #f6f8fa; padding: 12px; overflow: auto;\"><code>Evenimente de re\u00eennoire\/an \u2248 5000 \u00d7 (365 \/ 199) \u2248 9.171<\/code><\/pre>\n<p>La aceast\u0103 scar\u0103, chiar \u0219i un <strong>Rata de eroare uman\u0103 1%<\/strong> se traduce aproximativ prin<br \/>\n<strong>92 de \u00eentreruperi cauzate de certificate pe an<\/strong>\u2014\u00eenainte de a lua \u00een considerare impactul orelor de v\u00e2rf,<br \/>\nPenaliz\u0103ri SLA sau e\u0219ecuri \u00een cascad\u0103 pe un hub.<\/p>\n<h3>ACME \u00een re\u021belele de \u00eenc\u0103rcare: ce ar trebui s\u0103 automatizeze<\/h3>\n<p>ACME (Automated Certificate Management Environment) transform\u0103 re\u00eennoirile \u00een opera\u021biuni bazate pe politici pentru:<\/p>\n<ul>\n<li>EVSE \u2194 TLS backend<\/li>\n<li>Controler local \/ proxy Edge TLS<\/li>\n<li>Gateway-uri de site \u0219i controlere hub<\/li>\n<\/ul>\n<p><strong>Flux de lucru condus de sistem (model de arhitectur\u0103)<\/strong><\/p>\n<ol>\n<li><strong>Inventar<\/strong> fiecare punct final (emitent, serie, lan\u021b, expirare, ultima rota\u021bie).<\/li>\n<li><strong>Politica de re\u00eennoire \u00eenainte de<\/strong> (re\u00eennoire la un prag fix, nu \u201eaproape de expirare\u201d).<\/li>\n<li><strong>Chei cu suport hardware<\/strong> acolo unde este posibil; evita\u021bi exportarea cheilor private.<\/li>\n<li><strong>Lansare etapizat\u0103<\/strong> cu verific\u0103ri ale st\u0103rii de func\u021bionare (str\u00e2ngere de m\u00e2n\u0103 + autorizare + \u00eenceperea sesiunii).<\/li>\n<li><strong>Revenire automat\u0103<\/strong> asupra ratelor crescute de e\u0219ec.<\/li>\n<li><strong>Jurnalele de dovezi<\/strong> pentru fiecare emitere\/implementare (trasabilitate la nivel de conformitate).<\/li>\n<\/ol>\n<p><strong>Condus de om vs. condus de sistem<\/strong><\/p>\n<ul>\n<li>Condus de oameni: Tichete, foi de calcul, re\u00eennoiri t\u00e2rzii, proprietate ambigu\u0103, modific\u0103ri urgente riscante.<\/li>\n<li>Condus\u0103 de sistem: Politici deterministe, emitere automat\u0103, implementare controlat\u0103, telemetrie continu\u0103, dovezi auditabile.<\/li>\n<\/ul>\n<h2>Verific\u0103ri de revocare: \u201eUciga\u0219ul P&amp;C\u201d (CRL vs OCSP, re\u021bele slabe \u0219i politici justificabile)<\/h2>\n<h3>De ce e\u0219ueaz\u0103 OCSP\/CRL \u00een garaje \u0219i depouri<\/h3>\n<ul>\n<li>LTE\/5G slab\/intermitent<\/li>\n<li>Ie\u0219ire restric\u021bionat\u0103 (firewall-uri\/portale captive)<\/li>\n<li>Pa\u0219i de validare sensibili la laten\u021b\u0103<\/li>\n<li>Dependen\u021be externe (respondere OCSP, puncte de distribu\u021bie CRL)<\/li>\n<\/ul>\n<p>Rezultat: EVSE poate ini\u021bia o sesiune, dar nu reu\u0219e\u0219te s\u0103 se finalizeze. <strong>validarea revoc\u0103rii<\/strong> \u00een mod fiabil.<\/p>\n<h3>CRL vs. OCSP: compromisuri practice<\/h3>\n<ul>\n<li><strong>CRL:<\/strong> desc\u0103rc\u0103ri mai grele, dar pot fi stocate \u00een cache \u0219i actualizate la timp (bun pentru continuitatea la margine).<\/li>\n<li><strong>OCSP:<\/strong> u\u0219or la cerere, dar necesit\u0103 adesea accesibilitate live la marginea cea mai slab\u0103.<\/li>\n<\/ul>\n<p>\u00cen 2026, postura corect\u0103 este stratificat\u0103:<\/p>\n<ul>\n<li>Cache CRL programat pentru rezilien\u021b\u0103<\/li>\n<li>OCSP unde conectivitatea este fiabil\u0103<\/li>\n<li>Politic\u0103 explicit\u0103 pentru condi\u021bii degradate<\/li>\n<\/ul>\n<h3>De ce \u201esoft-fail\u201d devine din ce \u00een ce mai greu de ap\u0103rat<\/h3>\n<p>Din punct de vedere istoric, \u201esoft-fail\u201d (permiterea sesiunii dac\u0103 revocarea verific\u0103 timpul de expirare) a p\u0103strat disponibilitatea.<br \/>\n\u00cen 2026, e\u0219ecul implicit devine mai greu de justificat deoarece:<\/p>\n<ul>\n<li>Duratele de via\u021b\u0103 sunt mai scurte (toleran\u021b\u0103 mai mic\u0103 pentru presupunerile \u00eenvechite)<\/li>\n<li>Timpul de raportare al CRA impune o disciplin\u0103 mai strict\u0103 \u00een ceea ce prive\u0219te incidentele \u0219i dovezile.<\/li>\n<\/ul>\n<p>Un design justificabil necesit\u0103 o politic\u0103 explicit\u0103 \u0219i documentat\u0103:<\/p>\n<ul>\n<li><strong>E\u0219ec greu<\/strong> pentru medii publice\/cu risc ridicat<\/li>\n<li><strong>Har cu dovezi<\/strong> pentru flote \u00eenchise (fereastr\u0103 limitat\u0103 + controale compensatorii)<\/li>\n<li><strong>\u00cenregistrarea dovezilor<\/strong> pentru fiecare decizie degradat\u0103<\/li>\n<\/ul>\n<h3>Atenu\u0103ri arhitecturale (modele, nu promisiuni de produs)<\/h3>\n<p><strong>Model 1: Prevalidare a marginilor + memorare \u00een cache<\/strong><\/p>\n<ul>\n<li>Cache CRL-uri cu ferestre de prospe\u021bime definite<\/li>\n<li>Intermediari de cache \u0219i lan\u021buri validate<\/li>\n<li>Pre\u00eenc\u0103rcare \u00een perioadele de \u201econectivitate bun\u0103\u201d<\/li>\n<\/ul>\n<p><strong>Model 2: Capsare OCSP (unde este posibil)<\/strong><\/p>\n<p>Capsarea OCSP mut\u0103 livrarea dovezii de revocare departe de cea mai slab\u0103 margine - reduc\u00e2nd dependen\u021ba live de infrastructura CA \u00een timpul stabilirii sesiunii.<\/p>\n<p><strong>Not\u0103 de implementare (realitate \u00eencorporat\u0103):<\/strong> \u00cen mediile EVSE, confirma\u021bi suportul pentru extensii legate de capsare<br \/>\n\u00een configura\u021bia stivei \u0219i a build-ului TLS \u00eencorporat (de exemplu, mbedTLS, wolfSSL) \u0219i valida\u021bi comportamentul pe hardware-ul vechi,<br \/>\ndeoarece completitudinea caracteristicilor \u0219i constr\u00e2ngerile de memorie\/RTOS variaz\u0103.<\/p>\n<p><strong>Modelul 3: Guvernan\u021b\u0103 de \u00eencredere multi-r\u0103d\u0103cin\u0103<\/strong><\/p>\n<ul>\n<li>Canal de actualizare al depozitului de \u00eencredere unificat pentru mai multe ancore OEM<\/li>\n<li>Actualiz\u0103ri Canary + revenire la versiunea ini\u021bial\u0103 atunci c\u00e2nd apar erori la construirea c\u0103ilor<\/li>\n<\/ul>\n<p><strong>Modelul 4: Guvernan\u021ba sincroniz\u0103rii temporale (neregociabil\u0103)<\/strong><\/p>\n<ul>\n<li>Politica NTP (sau PTP, dup\u0103 caz)<\/li>\n<li>Monitorizarea derivei \u0219i pragurile de alert\u0103<\/li>\n<li>Comportament definit atunci c\u00e2nd ceasurile nu sunt de \u00eencredere<\/li>\n<\/ul>\n<h2>Continuitate offline: men\u021binerea func\u021biei Plug &amp; Charge utilizabil\u0103 \u00een timpul deconect\u0103rilor de la re\u021beaua edge la cloud<\/h2>\n<h3>Ce este (\u0219i ce nu este) continuitatea offline<\/h3>\n<p>Continuitatea offline nu \u00eenseamn\u0103 \u201eocolirea PKI\u201d. Este o degradare controlat\u0103 care p\u0103streaz\u0103:<\/p>\n<ul>\n<li>Integritatea cheilor \u0219i a depozitelor de \u00eencredere<\/li>\n<li>Auditabilitate pentru facturare \u0219i r\u0103spuns la incidente<\/li>\n<li>Limite explicite privind ceea ce poate fi validat local (\u0219i pentru c\u00e2t timp)<\/li>\n<\/ul>\n<h3>Controlere locale \/ proxy-uri Edge ca primitive de disponibilitate<\/h3>\n<ul>\n<li>Men\u021binerea cache-urilor locale de \u00eencredere (ancore\/intermediare\/CRL-uri)<\/li>\n<li>Aplica\u021bi politici de autorizare local\u0103 limitat\u0103<\/li>\n<li>M\u0103surare\/jurnale tampon pentru reconciliere ulterioar\u0103<\/li>\n<li>Reduce\u021bi raza de declan\u0219are a exploziei WAN ac\u021bion\u00e2nd ca punct final local pentru EVSE<\/li>\n<\/ul>\n<blockquote style=\"margin: 16px 0; padding: 12px 16px; border-left: 4px solid #ccc;\"><p><strong>Figura 2 (Imaginea recomandat\u0103): Edge Proxy ca memorie cache de \u00eencredere \u00een site-uri cu re\u021bea slab\u0103<\/strong><\/p>\n<p>(Afi\u0219a\u021bi EVSE-uri care se conecteaz\u0103 la un proxy Edge\/controler local la fa\u021ba locului. Proxy-ul men\u021bine ancore\/intermediari de \u00eencredere memora\u021bi \u00een cache,<br \/>\nre\u00eemprosp\u0103tare programat\u0103 a CRL-urilor, monitorizare a sincroniz\u0103rii temporale \u0219i jurnale de eviden\u021b\u0103; stocheaz\u0103 evenimentele \u00een cloud CSMS\/PKI atunci c\u00e2nd uplink-ul este instabil.)<\/p>\n<p><strong>Mesajul principal:<\/strong> Proxy-urile Edge reduc dependen\u021ba live de endpoint-urile OCSP\/CRL externe \u0219i permit continuitatea offline controlat\u0103 f\u0103r\u0103 a ocoli PKI.<\/p><\/blockquote>\n<h2>ARC \u0219i VMP: de la termenele limit\u0103 de raportare din septembrie 2026 la un model opera\u021bional auditabil<\/h2>\n<h3>Regulile de raportare ale ARC: proiectare conform standardelor de 24\/72 de ore<\/h3>\n<p>Regulile de raportare ale ARC impun produc\u0103torilor s\u0103 notifice vulnerabilit\u0103\u021bile exploatate activ \u0219i incidentele grave care au un impact<br \/>\nprivind securitatea produselor cu elemente digitale:<\/p>\n<ul>\n<li><strong>Avertizare timpurie \u00een termen de 24 de ore<\/strong> de a deveni con\u0219tient<\/li>\n<li><strong>Notificare complet\u0103 \u00een termen de 72 de ore<\/strong><\/li>\n<li><strong>Raport final<\/strong> \u00een cadrul unor ferestre definite (\u00een func\u021bie de clasa incidentului)<\/li>\n<\/ul>\n<p>O \u00eentrerupere la scar\u0103 larg\u0103 a serviciului Plug &amp; Charge cauzat\u0103 de o revocare \u00een mas\u0103 sau de o compromitere a ancorei de \u00eencredere <strong>se poate califica<\/strong><br \/>\nca incident grav, \u00een func\u021bie de impact \u0219i de dovezile de exploatare.<\/p>\n<h3>Procesul de gestionare a vulnerabilit\u0103\u021bilor (VMP): capabilit\u0103\u021bi minime viabile<\/h3>\n<ol>\n<li><strong>Adev\u0103rul despre flot\u0103:<\/strong> inventar de active + versiuni (firmware EVSE, imagini ale controlerului, versiuni din depozitul de \u00eencredere).<\/li>\n<li><strong>Integrare SBOM (dinamic\u0103):<\/strong> SBOM mapat la artefacte implementabile; corelare continu\u0103 cu informa\u021biile despre vulnerabilit\u0103\u021bi.<\/li>\n<li><strong>Gestionarea expunerii bazat\u0103 pe VEX:<\/strong> Men\u021bine\u021bi declara\u021biile VEX pentru a distinge \u201eprezent, dar neexploatabil\u201d de \u201eexploatabil \u00een implementarea noastr\u0103\u201d, permi\u021b\u00e2nd o definire credibil\u0103 a domeniului de aplicare \u00een fereastra T+24h.<\/li>\n<li><strong>De ce conteaz\u0103 VEX \u00een cadrul programului de 24 de ore:<\/strong> SBOM v\u0103 spune ce este prezent; VEX v\u0103 ajut\u0103 s\u0103 determina\u021bi ce este <strong>exploatabil<\/strong>, reduc\u00e2nd alarmele false \u0219i \u00eempiedic\u00e2nd echipele opera\u021bionale s\u0103 urm\u0103reasc\u0103 zgomotul neexploatabil.<\/li>\n<li><strong>Admitere \u0219i triaj:<\/strong> avize c\u0103tre furnizori, CVE-uri, constat\u0103ri interne; prioritiza\u021bi exploatabilitatea + expunerea.<\/li>\n<li><strong>Flux de lucru pentru definirea domeniului de aplicare T+24h:<\/strong> Corelarea SBOM + VEX + inventar pentru identificarea popula\u021biilor afectate; decizii ini\u021biale privind izolarea; colectarea dovezilor.<\/li>\n<li><strong>Flux de lucru pentru notific\u0103ri T+72h:<\/strong> domeniul de aplicare confirmat, m\u0103suri de atenuare, plan de implementare\/revenire, \u00eenregistrare comunica\u021bii.<\/li>\n<li><strong>Flux de lucru pentru raportul final:<\/strong> dovezi de validare + cauz\u0103 principal\u0103 + \u00eembun\u0103t\u0103\u021biri ale prevenirii dup\u0103 disponibilitatea m\u0103surilor corective.<\/li>\n<li><strong>Ingineria caden\u021bei patch-urilor:<\/strong> lansare etapizat\u0103, planuri de revenire la versiunea ini\u021bial\u0103, artefacte semnate, por\u021bi de verificare.<\/li>\n<li><strong>Aplicarea lan\u021bului de \u00eencredere:<\/strong> bootare securizat\u0103 + actualiz\u0103ri de firmware securizate; chei de semnare protejate \u00een HSM\/elemente securizate.<\/li>\n<li><strong>\u00cenregistrare bazat\u0103 pe dovezi:<\/strong> evenimente certificate, modific\u0103ri ale depozitului de \u00eencredere, e\u0219ecuri de revocare, starea sincroniz\u0103rii orei.<\/li>\n<\/ol>\n<p><strong>Scenariu de \u00eencredere cu severitate ridicat\u0103:<\/strong> Dac\u0103 revocarea este declan\u0219at\u0103 de o cheie r\u0103d\u0103cin\u0103 sau o cheie emitent\u0103 compromis\u0103,<br \/>\ntrata\u021bi-l ca pe un incident de \u00eencredere de severitate maxim\u0103 care necesit\u0103 o izolare imediat\u0103, ac\u021biuni la nivelul \u00eentregii flote \u00een ceea ce prive\u0219te stocarea de \u00eencredere,<br \/>\n\u0219i preg\u0103tirea pentru raportare aliniat\u0103 la CRA, \u00een func\u021bie de impact \u0219i dovezile de exploatare.<\/p>\n<h3>List\u0103 de verificare a num\u0103r\u0103torii inverse a r\u0103spunsului la incidente CRA (\u0219ablon opera\u021bional)<\/h3>\n<h4>T+0 (Detec\u021bie \/ Con\u0219tientizare)<\/h4>\n<ul>\n<li>\u00cenghe\u021barea dovezilor: jurnale, evenimente certificate, versiuni de stocare a \u00eencrederilor, starea sincroniz\u0103rii orei<\/li>\n<li>Identifica\u021bi suprafe\u021bele afectate: firmware EVSE, controlere locale, endpoint-uri TLS backend<\/li>\n<li>Conecta\u021bi furnizorul PKI \/ persoana de contact pentru securitatea backend<\/li>\n<\/ul>\n<h4>T+24h (Preg\u0103tire de avertizare timpurie)<\/h4>\n<ul>\n<li><strong>Obiectiv principal:<\/strong> Utilizare <strong>SBOM + VEX + inventar flot\u0103<\/strong> pentru a determina popula\u021bia afectat\u0103 \u0219i a transmite o avertizare timpurie bazat\u0103 pe dovezi<\/li>\n<li>Decide\u021bi izolarea: revocare\/rotire, revenire la trust-store, izolare site<\/li>\n<li>Proiectul pachetului de alert\u0103 timpurie: domeniul de aplicare, m\u0103surile de atenuare \u00een curs, postura interimar\u0103<\/li>\n<\/ul>\n<h4>T+72h (Preg\u0103tire complet\u0103 pentru notific\u0103ri)<\/h4>\n<ul>\n<li>Confirma\u021bi popula\u021biile afectate pe regiuni\/locuri; furniza\u021bi un plan de remediere + o metod\u0103 de implementare<\/li>\n<li>\u00centocmirea comunic\u0103rilor cu clien\u021bii\/operatorii \u0219i a eviden\u021bei escalad\u0103rii<\/li>\n<\/ul>\n<h4>Fereastra raportului final<\/h4>\n<ul>\n<li>Trimite\u021bi raportul final \u00een conformitate cu cerin\u021bele ARC (timpul depinde de clasa incidentului)<\/li>\n<li>Dovezi de validare post-reparare + lec\u021bii \u00eenv\u0103\u021bate<\/li>\n<\/ul>\n<h2>Cuantificarea costurilor \u0219i riscurilor (\u0219abloane pe care le pute\u021bi integra \u00een flota dvs.)<\/h2>\n<h3>Modelul costului for\u021bei de munc\u0103 pentru re\u00eennoirea manual\u0103<\/h3>\n<p>Fie:<\/p>\n<ul>\n<li><code>N<\/code> = num\u0103rul de puncte finale TLS (EVSE + controllere + gateway-uri + noduri backend gestionate)<\/li>\n<li><code>L.<\/code> = durata de via\u021b\u0103 a certific\u0103rii (zile)<\/li>\n<li><code>t<\/code> = timp uman per re\u00eennoire (ore)<\/li>\n<li><code>c.<\/code> = costul total al for\u021bei de munc\u0103 (USD\/or\u0103)<\/li>\n<\/ul>\n<pre style=\"background: #f6f8fa; padding: 12px; overflow: auto;\"><code>Costul for\u021bei de munc\u0103 \u2248 N \u00d7 (365 \/ L) \u00d7 t \u00d7 c<\/code><\/pre>\n<h3>Model de risc de \u00eentrerupere (expirare sau implementare e\u0219uat\u0103)<\/h3>\n<p>Fie:<\/p>\n<ul>\n<li><code>P_miss<\/code> = probabilitatea de re\u00eennoire ratat\u0103\/e\u0219uat\u0103 per ciclu<\/li>\n<li><code>H_down<\/code> = orele de nefunc\u021bionare estimate per incident<\/li>\n<li><code>C_or\u0103<\/code> = impact orar asupra afacerii (pierderi de venituri, penalit\u0103\u021bi, credite SLA)<\/li>\n<\/ul>\n<pre style=\"background: #f6f8fa; padding: 12px; overflow: auto;\"><code>Cost_\u00eentrerupere \u2248 P_lips\u0103 \u00d7 H_\u00eentrerupere \u00d7 C_or\u0103<\/code><\/pre>\n<h2>Ghid de decizie: C\u00e2nd verific\u0103rile de revocare online e\u0219ueaz\u0103 (expirare OCSP\/CRL)<\/h2>\n<ol>\n<li><strong>Loc public sau flot\u0103\/depozit \u00eenchis?<\/strong>\n<ul>\n<li>Public \u2192 prefer\u0103 <strong>E\u0219ec greu<\/strong> (sau gra\u021bie strict controlat\u0103 doar cu dovezi + controale compensatorii)<\/li>\n<li>Flot\u0103\/depozit \u2192 <strong>Har cu dovezi<\/strong> poate fi acceptabil pentru ferestre limitate<\/li>\n<\/ul>\n<\/li>\n<li><strong>Este fiabilitatea re\u021belei previzibil\u0103?<\/strong>\n<ul>\n<li>Da \u2192 OCSP\/CRL online + monitorizare<\/li>\n<li>Nu \u2192 <strong>Prevalidare la margine + memorare \u00een cache<\/strong> (Ferestre de actualizare CRL, lan\u021buri memorate \u00een cache)<\/li>\n<\/ul>\n<\/li>\n<li><strong>Po\u021bi reduce dependen\u021ba online \u00een timpul sesiunii?<\/strong>\n<ul>\n<li>Unde este posibil \u2192 adopta\u021bi <strong>Model de capsare OCSP<\/strong> (\u00eempinge\u021bi dovada mai aproape de margine)<\/li>\n<\/ul>\n<\/li>\n<li><strong>Ave\u021bi \u00eenregistrare a dovezilor + guvernan\u021b\u0103 pentru sincronizarea timpului?<\/strong>\n<ul>\n<li>Dac\u0103 nu \u2192 remedia\u021bi-le mai \u00eent\u00e2i; politicile de mod degradat sunt greu de ap\u0103rat f\u0103r\u0103 ele<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<h2>Matricea responsabilit\u0103\u021bilor practice (limite care previn \u00eentreruperile)<\/h2>\n<table style=\"border-collapse: collapse; width: 100%;\" border=\"1\" cellspacing=\"0\" cellpadding=\"8\">\n<thead>\n<tr>\n<th>Rol<\/th>\n<th>Emitere<\/th>\n<th>Validare<\/th>\n<th>Raportare<\/th>\n<th>Actualizare caden\u021b\u0103<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>CPO-uri<\/strong><\/td>\n<td>Strategie TLS\/identitate; impunere re\u00eennoire automat\u0103; men\u021binere inventar endpoint; planificare pentru comportamentul de tranzi\u021bie CA (emitere \u00een 199 de zile de la 24 februarie pentru DigiCert)<\/td>\n<td>Definirea politicii de tip \u201ehard fail\u201d\/\u201esoft fail\u201d; actualitatea artefactelor de revocare; <strong>Guvernan\u021ba sincroniz\u0103rii timpului<\/strong> (NTP\/PTP, monitorizare a derivei, alerte)<\/td>\n<td>Operarea manualelor de incidente; promovarea preg\u0103tirii pentru raportare aliniat\u0103 la CRA (24h\/72h\/final\u0103)<\/td>\n<td>Monitorizare continu\u0103 a expir\u0103rilor; actualizare a depozitului de \u00eencredere; modific\u0103ri de urgen\u021b\u0103 ale ancorei de \u00eencredere; audituri de sincronizare temporal\u0103<\/td>\n<\/tr>\n<tr>\n<td><strong>Produc\u0103tori de echipamente originale EVSE<\/strong><\/td>\n<td>Stocare de chei bazat\u0103 pe hardware; pozi\u021bia identit\u0103\u021bii dispozitivului; hook-uri de automatizare; primitive de pornire\/actualizare securizate<\/td>\n<td>Postura TLS; construirea lan\u021bului; comportamentul de revocare; gestionarea depozitului de \u00eencredere; lan\u021b de pornire securizat\u0103 + actualizare de firmware securizat\u0103<\/td>\n<td>Gestionarea vulnerabilit\u0103\u021bilor produsului; recomand\u0103ri; pachete de remediere; raportare a asisten\u021bei operatorilor cu informa\u021bii tehnice<\/td>\n<td>Lans\u0103ri regulate + patch-uri de urgen\u021b\u0103; ferestre de asisten\u021b\u0103 definite; strategii de rota\u021bie a cheilor<\/td>\n<\/tr>\n<tr>\n<td><strong>Furnizori de PKI backend \/ V2G<\/strong><\/td>\n<td>Emiterea ecosistemului contractual (unde este cazul); opera\u021biuni CA\/RA; politica de emitere<\/td>\n<td>Validare backend; disponibilitate OCSP\/CRL; guvernan\u021b\u0103 ancor\u0103 de \u00eencredere<\/td>\n<td>Furniza\u021bi informa\u021bii despre incidente\/vulnerabilit\u0103\u021bi; sus\u021bine\u021bi pachetele de dovezi CRA cu cronologie<\/td>\n<td>Actualiz\u0103ri frecvente ale politicilor\/ancorelor de \u00eencredere; inginerie de rezilien\u021b\u0103 OCSP\/CRL; monitorizare continu\u0103<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>Glosar<\/h2>\n<ul>\n<li><strong>ICP:<\/strong> Infrastructur\u0103 cu cheie public\u0103 (emitere, validare, ancore de \u00eencredere, revocare)<\/li>\n<li><strong>CULME:<\/strong> Mediu automat de gestionare a certificatelor (emitere\/re\u00eennoire automat\u0103)<\/li>\n<li><strong>OCSP \/ CRL:<\/strong> Protocol de stare a certificatelor online \/ List\u0103 de revocare a certificatelor<\/li>\n<li><strong>Capsare OCSP:<\/strong> Serverul prezint\u0103 dovada revoc\u0103rii pentru a reduce dependen\u021ba OCSP \u00een timp real<\/li>\n<li><strong>Ancore de \u00eencredere:<\/strong> Certificate r\u0103d\u0103cin\u0103\/intermediare \u00een care au \u00eencredere validatorii dvs.<\/li>\n<li><strong>SBOM:<\/strong> List\u0103 de materiale software (inventar componente pentru identificarea vulnerabilit\u0103\u021bilor)<\/li>\n<li><strong>VEX:<\/strong> Vulnerabilitate Exploitability eXchange (declara\u021bii de stare a exploat\u0103rii)<\/li>\n<li><strong>TLS 1.3:<\/strong> Profil TLS modern; handshake-ul \u0219i validarea certificatelor r\u0103m\u00e2n sensibile la laten\u021b\u0103<\/li>\n<li><strong>VMP:<\/strong> Procesul de gestionare a vulnerabilit\u0103\u021bilor (admitere, triere, aplicarea de patch-uri, raportare, dovezi)<\/li>\n<\/ul>\n<h2>Risc orientat spre viitor: Agilitate cripto \u0219i preg\u0103tire pentru PQC<\/h2>\n<p>De\u0219i anul 2026 este dominat de durate scurte de via\u021b\u0103 a TLS \u0219i raportare CRA, infrastructurile de \u00eenc\u0103rcare ar trebui s\u0103 \u00eenceap\u0103 evaluarea<br \/>\n<strong>cripto-agilitate<\/strong>\u00cen cazul activelor cu durat\u0103 lung\u0103 de via\u021b\u0103 (vehicule \u0219i \u00eenc\u0103rc\u0103toare), arhitecturile ar trebui s\u0103 evite blocarea hardware-ului, asigur\u00e2nd<br \/>\nElementele HSM\/securizate \u0219i stivele \u00eencorporate pot suporta actualiz\u0103ri viitoare ale algoritmilor \u0219i profilurilor de certificat f\u0103r\u0103 a necesita o re\u00eemprosp\u0103tare a hardware-ului.<\/p>\n<h2>FAQ<\/h2>\n<h3>Poate func\u021biona Plug &amp; Charge offline?<\/h3>\n<p>Par\u021bial - prin proiectare. Degradarea controlat\u0103 a P&amp;C offline se face folosind memorarea \u00een cache local\u0103 a \u00eencrederii (ancore\/intermediari\/CRL-uri acolo unde este posibil).<br \/>\npolitici explicite de gra\u021bie \u0219i jurnale de audit tamponate pentru reconciliere. Nu ar trebui s\u0103 ocoleasc\u0103 PKI; ar trebui s\u0103 reduc\u0103 dependen\u021ba de cloud-ul live.<br \/>\np\u0103str\u00e2nd \u00een acela\u0219i timp integritatea \u0219i auditabilitatea.<\/p>\n<h3>C\u00e2t de des trebuie s\u0103 re\u00eennoim certificatele cu durat\u0103 de via\u021b\u0103 de 199\/200 de zile?<\/h3>\n<p>Planifica\u021bi mai multe cicluri de re\u00eennoire pe an pentru fiecare punct final. Pentru mul\u021bi operatori, tranzi\u021bia opera\u021bional\u0103 \u00eencepe<br \/>\n<strong>24 februarie 2026<\/strong> deoarece DigiCert va emite certificate TLS publice cu un maxim <strong>199 de zile<\/strong> valabilitate de la data respectiv\u0103.<br \/>\nLa nivel mai larg al ecosistemului, Cerin\u021bele de Baz\u0103 definesc o reducere etapizat\u0103 la <strong>200\/100\/47 zile<\/strong>.<\/p>\n<h3>Ce declan\u0219eaz\u0103 obliga\u021biile de raportare ale ARC-ului?<\/h3>\n<p>Regulile de raportare ale ARC impun <strong>Avertizare timpurie de 24 de ore<\/strong> \u015fi <strong>Notificare cu 72 de ore \u00eenainte<\/strong> pentru vulnerabilit\u0103\u021bi exploatate activ \u0219i incidente grave,<br \/>\nplus ferestrele finale de raportare. O perturbare a \u00eencrederii P&amp;C la scar\u0103 larg\u0103 (de exemplu, revocare sau compromitere a valid\u0103rii r\u0103u inten\u021bionate) poate fi eligibil\u0103 \u00een func\u021bie de<br \/>\nbazate pe dovezi de impact \u0219i exploatare; un VMP preg\u0103tit pentru CRA ar trebui s\u0103 sprijine <strong>SBOM + VEX + inventar flot\u0103<\/strong> evaluarea scopului \u00een primele 24 de ore.<\/p>\n<\/article>","protected":false},"excerpt":{"rendered":"<p>TL;DR (Executive Action Summary) TLS cutover is a hard boundary (not a suggestion): From February 24, 2026, DigiCert will stop accepting public TLS certificate requests with validity greater than 199 days, and certificates issued from that date have a 199-day maximum validity. This is the practical cutover for many operators\u2014renewal velocity increases immediately. The 200\u2192100\u219247-day [&hellip;]<\/p>","protected":false},"author":3,"featured_media":37917,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[143,142,158,146,151,152,159,157,99,153,141,147,149,150,145,98,154,144,148,155,156],"class_list":["post-38532","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","tag-acme","tag-certificate-lifecycle","tag-cra-compliance","tag-crl","tag-cross-signing","tag-edge-proxy","tag-ev-charging-infrastructure-2026","tag-evse-security","tag-iso-15118","tag-local-controller","tag-ocsp","tag-ocsp-stapling","tag-offline-charging","tag-path-validation","tag-pki","tag-plug-charge","tag-sbom","tag-tls-1-3","tag-trust-anchors","tag-vex","tag-vulnerability-management"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>ISO 15118 Certificate Lifecycle Management in 2026 (TLS 199\/200-Day + CRA 24h\/72h)<\/title>\n<meta name=\"description\" content=\"Manage ISO 15118 certificates in 2026: 199\/200-day TLS renewals, ACME automation, revocation failures (OCSP\/CRL), offline Plug &amp; Charge, and CRA 24h\/72h reporting readiness.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.evb.com\/ro\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/\" \/>\n<meta property=\"og:locale\" content=\"ro_RO\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"ISO 15118 Certificate Lifecycle Management in 2026 (TLS 199\/200-Day + CRA 24h\/72h)\" \/>\n<meta property=\"og:description\" content=\"Manage ISO 15118 certificates in 2026: 199\/200-day TLS renewals, ACME automation, revocation failures (OCSP\/CRL), offline Plug &amp; Charge, and CRA 24h\/72h reporting readiness.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.evb.com\/ro\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/\" \/>\n<meta property=\"og:site_name\" content=\"EVB\" \/>\n<meta property=\"article:published_time\" content=\"2026-01-12T07:13:14+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-01-16T12:39:19+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.evb.com\/wp-content\/uploads\/2025\/12\/EVB-4-Guns-480kw-dc-ev-charger-with-energy-storage-battery.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"721\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"evb\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Scris de\" \/>\n\t<meta name=\"twitter:data1\" content=\"evb\" \/>\n\t<meta name=\"twitter:label2\" content=\"Timp estimat pentru citire\" \/>\n\t<meta name=\"twitter:data2\" content=\"11 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":[\"Article\",\"BlogPosting\"],\"@id\":\"https:\\\/\\\/www.evb.com\\\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.evb.com\\\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\\\/\"},\"author\":{\"name\":\"evb\",\"@id\":\"https:\\\/\\\/www.evb.com\\\/#\\\/schema\\\/person\\\/fe8f0137976034abdfd2ae4f8c5682d0\"},\"headline\":\"ISO 15118 Certificate Lifecycle Management in 2026: From TLS Urgency to CRA Compliance\",\"datePublished\":\"2026-01-12T07:13:14+00:00\",\"dateModified\":\"2026-01-16T12:39:19+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.evb.com\\\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\\\/\"},\"wordCount\":2523,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.evb.com\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.evb.com\\\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.evb.com\\\/wp-content\\\/uploads\\\/2025\\\/12\\\/EVB-4-Guns-480kw-dc-ev-charger-with-energy-storage-battery.webp\",\"keywords\":[\"ACME\",\"Certificate Lifecycle\",\"CRA Compliance\",\"CRL\",\"Cross-signing\",\"Edge Proxy\",\"EV Charging Infrastructure 2026\",\"EVSE Security\",\"ISO 15118\",\"Local Controller\",\"OCSP\",\"OCSP Stapling\",\"Offline Charging\",\"Path Validation\",\"PKI\",\"Plug &amp; Charge\",\"SBOM\",\"TLS 1.3\",\"Trust Anchors\",\"VEX\",\"Vulnerability Management\"],\"articleSection\":[\"Blog\"],\"inLanguage\":\"ro-RO\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.evb.com\\\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.evb.com\\\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\\\/\",\"url\":\"https:\\\/\\\/www.evb.com\\\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\\\/\",\"name\":\"ISO 15118 Certificate Lifecycle Management in 2026 (TLS 199\\\/200-Day + CRA 24h\\\/72h)\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.evb.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.evb.com\\\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.evb.com\\\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.evb.com\\\/wp-content\\\/uploads\\\/2025\\\/12\\\/EVB-4-Guns-480kw-dc-ev-charger-with-energy-storage-battery.webp\",\"datePublished\":\"2026-01-12T07:13:14+00:00\",\"dateModified\":\"2026-01-16T12:39:19+00:00\",\"description\":\"Manage ISO 15118 certificates in 2026: 199\\\/200-day TLS renewals, ACME automation, revocation failures (OCSP\\\/CRL), offline Plug & Charge, and CRA 24h\\\/72h reporting readiness.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.evb.com\\\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\\\/#breadcrumb\"},\"inLanguage\":\"ro-RO\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.evb.com\\\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"ro-RO\",\"@id\":\"https:\\\/\\\/www.evb.com\\\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.evb.com\\\/wp-content\\\/uploads\\\/2025\\\/12\\\/EVB-4-Guns-480kw-dc-ev-charger-with-energy-storage-battery.webp\",\"contentUrl\":\"https:\\\/\\\/www.evb.com\\\/wp-content\\\/uploads\\\/2025\\\/12\\\/EVB-4-Guns-480kw-dc-ev-charger-with-energy-storage-battery.webp\",\"width\":1280,\"height\":721,\"caption\":\"EVB 4 Guns 480kw dc ev charger with energy storage battery\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.evb.com\\\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.evb.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"ISO 15118 Certificate Lifecycle Management in 2026: From TLS Urgency to CRA Compliance\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.evb.com\\\/#website\",\"url\":\"https:\\\/\\\/www.evb.com\\\/\",\"name\":\"EVB\",\"description\":\"Smart EV Charging &amp; Energy Storage Solutions\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.evb.com\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.evb.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"ro-RO\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.evb.com\\\/#organization\",\"name\":\"EVB\",\"url\":\"https:\\\/\\\/www.evb.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"ro-RO\",\"@id\":\"https:\\\/\\\/www.evb.com\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.evb.com\\\/wp-content\\\/uploads\\\/2021\\\/03\\\/evb-3.png\",\"contentUrl\":\"https:\\\/\\\/www.evb.com\\\/wp-content\\\/uploads\\\/2021\\\/03\\\/evb-3.png\",\"width\":605,\"height\":626,\"caption\":\"EVB\"},\"image\":{\"@id\":\"https:\\\/\\\/www.evb.com\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.evb.com\\\/#\\\/schema\\\/person\\\/fe8f0137976034abdfd2ae4f8c5682d0\",\"name\":\"evb\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"ro-RO\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/6919cc4e91e3745783933e1263b15b0bed21b5e46f2b1e21643aa8b29240d0f7?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/6919cc4e91e3745783933e1263b15b0bed21b5e46f2b1e21643aa8b29240d0f7?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/6919cc4e91e3745783933e1263b15b0bed21b5e46f2b1e21643aa8b29240d0f7?s=96&d=mm&r=g\",\"caption\":\"evb\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"ISO 15118 Certificate Lifecycle Management in 2026 (TLS 199\/200-Day + CRA 24h\/72h)","description":"Manage ISO 15118 certificates in 2026: 199\/200-day TLS renewals, ACME automation, revocation failures (OCSP\/CRL), offline Plug & Charge, and CRA 24h\/72h reporting readiness.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.evb.com\/ro\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/","og_locale":"ro_RO","og_type":"article","og_title":"ISO 15118 Certificate Lifecycle Management in 2026 (TLS 199\/200-Day + CRA 24h\/72h)","og_description":"Manage ISO 15118 certificates in 2026: 199\/200-day TLS renewals, ACME automation, revocation failures (OCSP\/CRL), offline Plug & Charge, and CRA 24h\/72h reporting readiness.","og_url":"https:\/\/www.evb.com\/ro\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/","og_site_name":"EVB","article_published_time":"2026-01-12T07:13:14+00:00","article_modified_time":"2026-01-16T12:39:19+00:00","og_image":[{"width":1280,"height":721,"url":"https:\/\/www.evb.com\/wp-content\/uploads\/2025\/12\/EVB-4-Guns-480kw-dc-ev-charger-with-energy-storage-battery.webp","type":"image\/webp"}],"author":"evb","twitter_card":"summary_large_image","twitter_misc":{"Scris de":"evb","Timp estimat pentru citire":"11 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":["Article","BlogPosting"],"@id":"https:\/\/www.evb.com\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/#article","isPartOf":{"@id":"https:\/\/www.evb.com\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/"},"author":{"name":"evb","@id":"https:\/\/www.evb.com\/#\/schema\/person\/fe8f0137976034abdfd2ae4f8c5682d0"},"headline":"ISO 15118 Certificate Lifecycle Management in 2026: From TLS Urgency to CRA Compliance","datePublished":"2026-01-12T07:13:14+00:00","dateModified":"2026-01-16T12:39:19+00:00","mainEntityOfPage":{"@id":"https:\/\/www.evb.com\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/"},"wordCount":2523,"commentCount":0,"publisher":{"@id":"https:\/\/www.evb.com\/#organization"},"image":{"@id":"https:\/\/www.evb.com\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/#primaryimage"},"thumbnailUrl":"https:\/\/www.evb.com\/wp-content\/uploads\/2025\/12\/EVB-4-Guns-480kw-dc-ev-charger-with-energy-storage-battery.webp","keywords":["ACME","Certificate Lifecycle","CRA Compliance","CRL","Cross-signing","Edge Proxy","EV Charging Infrastructure 2026","EVSE Security","ISO 15118","Local Controller","OCSP","OCSP Stapling","Offline Charging","Path Validation","PKI","Plug &amp; Charge","SBOM","TLS 1.3","Trust Anchors","VEX","Vulnerability Management"],"articleSection":["Blog"],"inLanguage":"ro-RO","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.evb.com\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.evb.com\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/","url":"https:\/\/www.evb.com\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/","name":"ISO 15118 Certificate Lifecycle Management in 2026 (TLS 199\/200-Day + CRA 24h\/72h)","isPartOf":{"@id":"https:\/\/www.evb.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.evb.com\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/#primaryimage"},"image":{"@id":"https:\/\/www.evb.com\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/#primaryimage"},"thumbnailUrl":"https:\/\/www.evb.com\/wp-content\/uploads\/2025\/12\/EVB-4-Guns-480kw-dc-ev-charger-with-energy-storage-battery.webp","datePublished":"2026-01-12T07:13:14+00:00","dateModified":"2026-01-16T12:39:19+00:00","description":"Manage ISO 15118 certificates in 2026: 199\/200-day TLS renewals, ACME automation, revocation failures (OCSP\/CRL), offline Plug & Charge, and CRA 24h\/72h reporting readiness.","breadcrumb":{"@id":"https:\/\/www.evb.com\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/#breadcrumb"},"inLanguage":"ro-RO","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.evb.com\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/"]}]},{"@type":"ImageObject","inLanguage":"ro-RO","@id":"https:\/\/www.evb.com\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/#primaryimage","url":"https:\/\/www.evb.com\/wp-content\/uploads\/2025\/12\/EVB-4-Guns-480kw-dc-ev-charger-with-energy-storage-battery.webp","contentUrl":"https:\/\/www.evb.com\/wp-content\/uploads\/2025\/12\/EVB-4-Guns-480kw-dc-ev-charger-with-energy-storage-battery.webp","width":1280,"height":721,"caption":"EVB 4 Guns 480kw dc ev charger with energy storage battery"},{"@type":"BreadcrumbList","@id":"https:\/\/www.evb.com\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.evb.com\/"},{"@type":"ListItem","position":2,"name":"ISO 15118 Certificate Lifecycle Management in 2026: From TLS Urgency to CRA Compliance"}]},{"@type":"WebSite","@id":"https:\/\/www.evb.com\/#website","url":"https:\/\/www.evb.com\/","name":"EVB","description":"Smart EV Charging &amp; Energy Storage Solutions","publisher":{"@id":"https:\/\/www.evb.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.evb.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"ro-RO"},{"@type":"Organization","@id":"https:\/\/www.evb.com\/#organization","name":"EVB","url":"https:\/\/www.evb.com\/","logo":{"@type":"ImageObject","inLanguage":"ro-RO","@id":"https:\/\/www.evb.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.evb.com\/wp-content\/uploads\/2021\/03\/evb-3.png","contentUrl":"https:\/\/www.evb.com\/wp-content\/uploads\/2021\/03\/evb-3.png","width":605,"height":626,"caption":"EVB"},"image":{"@id":"https:\/\/www.evb.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.evb.com\/#\/schema\/person\/fe8f0137976034abdfd2ae4f8c5682d0","name":"evb","image":{"@type":"ImageObject","inLanguage":"ro-RO","@id":"https:\/\/secure.gravatar.com\/avatar\/6919cc4e91e3745783933e1263b15b0bed21b5e46f2b1e21643aa8b29240d0f7?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/6919cc4e91e3745783933e1263b15b0bed21b5e46f2b1e21643aa8b29240d0f7?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/6919cc4e91e3745783933e1263b15b0bed21b5e46f2b1e21643aa8b29240d0f7?s=96&d=mm&r=g","caption":"evb"}}]}},"_links":{"self":[{"href":"https:\/\/www.evb.com\/ro\/wp-json\/wp\/v2\/posts\/38532","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.evb.com\/ro\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.evb.com\/ro\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.evb.com\/ro\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.evb.com\/ro\/wp-json\/wp\/v2\/comments?post=38532"}],"version-history":[{"count":5,"href":"https:\/\/www.evb.com\/ro\/wp-json\/wp\/v2\/posts\/38532\/revisions"}],"predecessor-version":[{"id":38581,"href":"https:\/\/www.evb.com\/ro\/wp-json\/wp\/v2\/posts\/38532\/revisions\/38581"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.evb.com\/ro\/wp-json\/wp\/v2\/media\/37917"}],"wp:attachment":[{"href":"https:\/\/www.evb.com\/ro\/wp-json\/wp\/v2\/media?parent=38532"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.evb.com\/ro\/wp-json\/wp\/v2\/categories?post=38532"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.evb.com\/ro\/wp-json\/wp\/v2\/tags?post=38532"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}