{"id":38532,"date":"2026-01-12T15:13:14","date_gmt":"2026-01-12T07:13:14","guid":{"rendered":"https:\/\/www.evb.com\/?p=38532"},"modified":"2026-01-16T20:39:19","modified_gmt":"2026-01-16T12:39:19","slug":"iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance","status":"publish","type":"post","link":"https:\/\/www.evb.com\/sv\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/","title":{"rendered":"ISO 15118-certifikatets livscykelhantering \u00e5r 2026: Fr\u00e5n TLS-br\u00e5dska till efterlevnad av kreditv\u00e4rderingsinstitut"},"content":{"rendered":"<article>\n<div class=\"mceTemp\"><\/div>\n<figure id=\"attachment_36118\" aria-describedby=\"caption-attachment-36118\" style=\"width: 635px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-36118\" title=\"\u00d6versikt \u00f6ver EVB-produktlinjen f\u00f6r laddning och energilagring\" src=\"https:\/\/www.evb.com\/wp-content\/uploads\/2025\/11\/20251119-212027.jpeg\" alt=\"EVB:s portf\u00f6lj av AC- och DC-laddare f\u00f6r elbilar och kommersiella energilagringssystem\" width=\"635\" height=\"397\" srcset=\"https:\/\/www.evb.com\/wp-content\/uploads\/2025\/11\/20251119-212027.jpeg 2560w, https:\/\/www.evb.com\/wp-content\/uploads\/2025\/11\/20251119-212027-1536x960.jpeg 1536w, https:\/\/www.evb.com\/wp-content\/uploads\/2025\/11\/20251119-212027-2048x1280.jpeg 2048w, https:\/\/www.evb.com\/wp-content\/uploads\/2025\/11\/20251119-212027-18x12.jpeg 18w, https:\/\/www.evb.com\/wp-content\/uploads\/2025\/11\/20251119-212027-600x375.jpeg 600w, https:\/\/www.evb.com\/wp-content\/uploads\/2025\/11\/20251119-212027-768x480.jpeg 768w\" sizes=\"auto, (max-width: 635px) 100vw, 635px\" \/><figcaption id=\"caption-attachment-36118\" class=\"wp-caption-text\"><a href=\"https:\/\/www.evb.com\/sv\/\">EVB erbjuder ett komplett utbud av AC- och DC-laddare f\u00f6r elbilar<\/a><\/figcaption><\/figure>\n<h2>TL;DR (Sammanfattning av verkst\u00e4llande \u00e5tg\u00e4rder)<\/h2>\n<ul>\n<li><strong>TLS-\u00f6verg\u00e5ngen \u00e4r en h\u00e5rd gr\u00e4ns (inte ett f\u00f6rslag):<\/strong> Fr\u00e5n <strong>24 februari 2026<\/strong>, DigiCert kommer att <strong>sluta acceptera<\/strong> offentliga TLS-certifikatf\u00f6rfr\u00e5gningar med giltighet <strong>mer \u00e4n 199 dagar<\/strong>, och certifikat som utf\u00e4rdats fr\u00e5n det datumet har en <strong>Maximal giltighetstid 199 dagar<\/strong>Detta \u00e4r den praktiska \u00f6verg\u00e5ngen f\u00f6r m\u00e5nga operat\u00f6rer \u2013 f\u00f6rnyelsehastigheten \u00f6kar omedelbart.<\/li>\n<li><strong>F\u00e4rdplanen p\u00e5 200\u2192100\u219247 dagar \u00e4r redan definierad:<\/strong> Baskraven f\u00f6r CA\/Browser Forum anger en stegvis minskning: <strong>200 dagar fr\u00e5n den 15 mars 2026<\/strong>, <strong>100 dagar fr\u00e5n den 15 mars 2027<\/strong>och <strong>47 dagar fr\u00e5n den 15 mars 2029<\/strong>.<\/li>\n<li><strong>CRA l\u00e4gger till en efterlevnadsklocka:<\/strong> Regler f\u00f6r kreditv\u00e4rderingsinstitutets rapportering kr\u00e4ver <strong>tidig varning inom 24 timmar<\/strong>, <strong>fullst\u00e4ndig anm\u00e4lan inom 72 timmar<\/strong>och definierade slutliga rapporteringsf\u00f6nster f\u00f6r aktivt utnyttjade s\u00e5rbarheter och allvarliga incidenter.<\/li>\n<li><strong>Den st\u00f6rsta dolda risken \u00e4r inte utg\u00e5ngsdatum:<\/strong> Det systemiska fell\u00e4get \u00e4r <strong>f\u00f6rtroendeankardrift<\/strong>\u2014\u00e4ndringar i roots\/intermediates\/cross-signing \u00e4r osynkroniserade mellan EVSE, lokala styrenheter och backend-valideringsv\u00e4gar.<\/li>\n<li><strong>F\u00f6rsta investeringen f\u00f6r att skydda drifttiden:<\/strong> Systemledd automatisering (ACME + lager + stegvis utrullning) plus <strong>kantkontinuitet<\/strong> (lokal validering\/cachning, bevisloggar och tidssynkroniseringsstyrning).<\/li>\n<\/ul>\n<h2>Introduktion: 2026 f\u00f6rvandlar Plug &amp; Charge till ett operativt system<\/h2>\n<p>\u00c5r 2026 slutar Plug &amp; Charge (P&amp;C) att vara en &quot;st\u00e4ll in och gl\u00f6m&quot;-funktion och blir en <strong>kontinuerligt operativsystem<\/strong>.<br \/>\nISO 15118-f\u00f6rtroendeplanet (PKI + TLS + \u00e5terkallelse + uppdateringar) styrs nu av tidslinjer som inte tolererar manuella arbetsfl\u00f6den.<\/p>\n<p>F\u00f6r att f\u00f6rst\u00e5 systemgr\u00e4nsen \u2013 vad ISO 15118 ansvarar f\u00f6r kontra vad OCPP ansvarar f\u00f6r \u2013 b\u00f6rja med v\u00e5r kompletterande text:<br \/>\n<a href=\"https:\/\/www.evb.com\/sv\/iso-15118-ocpp-in-2026-real-world-deployment-pki-and-grid-readiness\/\">ISO 15118 j\u00e4mf\u00f6rt med OCPP-implementeringsverkligheten \u00e5r 2026<\/a>.<\/p>\n<p>Det omedelbara trycket \u00e4r <strong>TLS livscykelkomprimering<\/strong>Rent praktiskt kan man inte \u201dv\u00e4nta till mars\u201d.<br \/>\nDigiCert kommer att <strong>sluta acceptera<\/strong> offentliga TLS-f\u00f6rfr\u00e5gningar som \u00f6verstiger <strong>199 dagar<\/strong> startande <strong>24 februari 2026<\/strong>,<br \/>\noch certifikat som utf\u00e4rdats fr\u00e5n och med den dagen kommer att ha en <strong>Maximal giltighetstid 199 dagar<\/strong>.<br \/>\nDigiCert betonar ocks\u00e5 en kritisk operativ detalj: den maximalt till\u00e5tna giltigheten styrs av <strong>utgivningsdatum<\/strong>, inte n\u00e4r best\u00e4llningen g\u00f6rs.<\/p>\n<p>Samtidigt inf\u00f6rs en andra klocka genom EU:s cyberresilienslagstiftning (CRA): rapporteringsregler kr\u00e4ver<br \/>\n<strong>24-timmars tidig varning<\/strong> och <strong>72-timmars avisering<\/strong> f\u00f6r aktivt utnyttjade s\u00e5rbarheter och allvarliga incidenter som p\u00e5verkar produkter med digitala element.<\/p>\n<p>Denna guide fokuserar p\u00e5 arkitektur och riskkontroller f\u00f6r att driva ISO 15118-certifikat under dessa begr\u00e4nsningar.<\/p>\n<h2>Milstolpar och n\u00f6dv\u00e4ndiga \u00e5tg\u00e4rder 2024\u20132026 (text Gantt)<\/h2>\n<table style=\"border-collapse: collapse; width: 100%;\" border=\"1\" cellspacing=\"0\" cellpadding=\"8\">\n<thead>\n<tr>\n<th>F\u00f6nster<\/th>\n<th>2024 H2<\/th>\n<th>2025 H1<\/th>\n<th>2025 H2<\/th>\n<th><strong>24 februari 2026<\/strong><\/th>\n<th><strong>15 mars 2026<\/strong><\/th>\n<th><strong>11 september 2026<\/strong><\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>Extern f\u00f6r\u00e4ndring<\/strong><\/td>\n<td>CA-\u00f6verg\u00e5ngssignaler<\/td>\n<td>Pilotautomation<\/td>\n<td>\u00d6vningar f\u00f6r f\u00f6rtroendeankare<\/td>\n<td><strong>DigiCert 199-dagars utgivning b\u00f6rjar<\/strong><\/td>\n<td><strong>200-dagars BR-takfasen b\u00f6rjar<\/strong><\/td>\n<td>Rapporteringsskyldigheter fr\u00e5n kreditv\u00e4rderingsinstitut \u00e4r aktiva (enligt riktlinjer)<\/td>\n<\/tr>\n<tr>\n<td><strong>Vad man ska g\u00f6ra<\/strong><\/td>\n<td>Slutpunkter f\u00f6r lager<\/td>\n<td>ACME-pilot + telemetri<\/td>\n<td>Offlinestrategi + utrullning av betrodda butiker<\/td>\n<td>Frys manuella f\u00f6rnyelsev\u00e4gar<\/td>\n<td>Fullst\u00e4ndiga systemledda f\u00f6rnyelser<\/td>\n<td>K\u00f6r CRA-\u00f6vningar med bordsunderlag och bevis<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><strong>Operativ anm\u00e4rkning:<\/strong> Den 24 februari 2026 \u00e4r ofta den verkliga brytpunkten eftersom utgivningsbeteendet d\u00e5 f\u00f6r\u00e4ndras f\u00f6r st\u00f6rre CA-myndigheter.<\/p>\n<p><strong>Policynotering:<\/strong> De etappvisa livstidsreduktionerna definieras i baslinjekraven (200\/100\/47 dagar).<\/p>\n<h2>Livscykellandskapet: Provisionering \u2192 Drift \u2192 F\u00f6rnyelse \u2192 \u00c5terkallelse<\/h2>\n<h3>Livscykelkarta (vad du m\u00e5ste kunna hantera)<\/h3>\n<ol>\n<li><strong>OEM-provisionering:<\/strong> Nycklar genererade\/injicerade; f\u00f6rtroendets rot etablerad (HSM\/s\u00e4kert element).<\/li>\n<li><strong>Kontraktsregistrering:<\/strong> Kontraktscertifikat bundna till anv\u00e4ndarkontrakt (ekosystemberoende).<\/li>\n<li><strong>EVSE-drifttagning:<\/strong> Baslinjer f\u00f6r f\u00f6rtroendelagrar, policyer och baslinjer f\u00f6r tidssynkronisering har uppr\u00e4ttats.<\/li>\n<li><strong>Operativ validering:<\/strong> TLS-handskakningar, kedjebyggande, \u00e5terkallningskontroll, policytill\u00e4mpning.<\/li>\n<li><strong>F\u00f6rnyelse \/ \u00e5terutgivning:<\/strong> Automatisering + etappvis utrullning + \u00e5terst\u00e4llning.<\/li>\n<li><strong>\u00c5terkallelse \/ incidentrespons:<\/strong> Kompromiss\/felaktig utf\u00e4rdande\/utnyttjande \u2192 \u00e5terkalla\/rotera\/\u00e5terst\u00e4lla.<\/li>\n<li><strong>\u00c5terh\u00e4mtning och f\u00f6rsoning:<\/strong> \u00c5terst\u00e4ll tj\u00e4nsten samtidigt som granskningsbarhet och faktureringsintegritet bibeh\u00e5lls.<\/li>\n<\/ol>\n<h3>Den underskattade misslyckandepunkten: F\u00f6rtroendeankarets drift<\/h3>\n<p>De flesta &quot;mystiska P&amp;C-fel&quot; i milj\u00f6er med flera OEM-tillverkare \u00e4r inte ett enda utg\u00e5nget certifikat \u2013 de \u00e4r<br \/>\n<strong>fel p\u00e5 s\u00f6kv\u00e4gsvalidering<\/strong> orsakad av drift av f\u00f6rtroendeankare:<\/p>\n<ul>\n<li>Nya r\u00f6tter\/mellanprodukter dyker upp (verklighet med flera r\u00f6tter).<\/li>\n<li><strong>Korssignering<\/strong> f\u00f6r\u00e4ndringar f\u00f6r\u00e4ndrar genomf\u00f6rbara kedjor.<\/li>\n<li>Backend-f\u00f6rtroendelagrar uppdateras snabbare \u00e4n EVSE\/lokala styrenheter.<\/li>\n<li>\u00c5terkallningsartefakter blir inaktuella i kanten.<\/li>\n<\/ul>\n<p>Behandla uppdateringar av f\u00f6rtroendeankare som en s\u00e4kerhetskritisk f\u00f6r\u00e4ndringsprocess:<\/p>\n<ul>\n<li>Versionsbaserade f\u00f6rtroendebutiker<\/li>\n<li>Canary-lanseringar<\/li>\n<li>\u00c5terst\u00e4llningsplaner<\/li>\n<li>Telemetri vid valideringsfel efter utf\u00e4rdare\/serienummer\/s\u00f6kv\u00e4g<\/li>\n<li>En tydlig \u00e4gare f\u00f6r &quot;vem uppdaterar vad, n\u00e4r&quot;<\/li>\n<\/ul>\n<p><strong>Misslyckanden med korssignering och v\u00e4gbyggande (verkligheten 2026):<\/strong> I ISO 15118-ekosystem med flera rotar,<br \/>\nPlug &amp; Charge misslyckas ofta inte f\u00f6r att ett certifikat \u00e4r ogiltigt, utan f\u00f6r att EVSE inte kan bygga ett giltigt<br \/>\n<strong>certifikats\u00f6kv\u00e4g<\/strong> efter korssignerings\u00e4ndringar (nya intermedi\u00e4rer, brygg-CA:er, \u00e5terutgivna kedjor).<br \/>\nAllt eftersom fler OEM-f\u00f6retag och PKI-dom\u00e4ner ansluts \u00f6kar komplexiteten i s\u00f6kv\u00e4gen. Om f\u00f6rtroendelagringar i edge-system (EVSE\/lokala styrenheter)<br \/>\nsl\u00e4par efter backend-uppdateringar, TLS-handskakningar kan misslyckas \u00e4ven n\u00e4r backend-certifikat verkar &quot;giltiga&quot; isolerat.<\/p>\n<blockquote style=\"margin: 16px 0; padding: 12px 16px; border-left: 4px solid #ccc;\"><p><strong>Figur 1 (rekommenderad visuell): S\u00f6kv\u00e4gsvalidering i Multi-Root ISO 15118<\/strong><\/p>\n<p>(Visa V2G-rot \/ OEM-rot \/ kontraktsrot, mellanliggande och korssigneringsbryggor.<br \/>\nMarkera var en nyligen korssignerad mellanprodukt avbryter s\u00f6kv\u00e4gsbyggandet p\u00e5 EVSE om f\u00f6rtroendelagren inte uppdateras synkroniserat.<\/p>\n<p><strong>K\u00e4rnbudskap:<\/strong> De flesta avbrott i el- och elcentraler som skylls p\u00e5 &quot;PKI&quot; \u00e4r faktiskt <strong>fel p\u00e5 s\u00f6kv\u00e4gsvalidering<\/strong> driven av korssigneringsdrift och osynkroniserade f\u00f6rtroendelagrar.<\/p><\/blockquote>\n<h2>ACME och automation: M\u00e4nniskoledd kontra systemledd under 199\/200 dagars livsl\u00e4ngd<\/h2>\n<h3>Varf\u00f6r manuell f\u00f6rnyelse blir en deterministisk avbrottsgenerator<\/h3>\n<p>Korta livsl\u00e4ngder g\u00f6r att f\u00f6rnyelser sker kontinuerligt. DigiCerts \u00f6verg\u00e5ng till <strong>199 dagar fr\u00e5n den 24 februari 2026<\/strong><br \/>\ng\u00f6r detta omedelbart operativt f\u00f6r m\u00e5nga flottor. Och den bredare tidslinjen f\u00f6r branschen \u00e4r redan definierad:<br \/>\n<strong>200 dagar<\/strong> (fr\u00e5n och med 15 mars 2026), sedan <strong>100 dagar<\/strong>, sedan <strong>47 dagar<\/strong>.<\/p>\n<p>F\u00f6r alla flottor skalas f\u00f6rnyelseh\u00e4ndelser upp enligt:<\/p>\n<pre style=\"background: #f6f8fa; padding: 12px; overflow: auto;\"><code>F\u00f6rnyelseh\u00e4ndelser per \u00e5r \u2248 N \u00d7 (365 \/ L)<\/code><\/pre>\n<p>D\u00e4r <code>N<\/code> \u00e4r antalet TLS-slutpunkter och <code>L<\/code> \u00e4r certifikatets livsl\u00e4ngd (dagar).<br \/>\nSom <code>L<\/code> minskar, blir m\u00e4nniskoledd f\u00f6rnyelse matematiskt inkompatibel med drifttidsm\u00e5l.<\/p>\n<h3>Scenario (storleksanpassning p\u00e5 styrelseniv\u00e5)<\/h3>\n<p>F\u00f6r en CPO som \u00e4r verksam <strong>5 000 slutpunkter<\/strong>, en livsl\u00e4ngd p\u00e5 199 dagar inneb\u00e4r:<\/p>\n<pre style=\"background: #f6f8fa; padding: 12px; overflow: auto;\"><code>F\u00f6rnyelseh\u00e4ndelser\/\u00e5r \u2248 5000 \u00d7 (365 \/ 199) \u2248 9 171<\/code><\/pre>\n<p>I denna skala, \u00e4ven en <strong>1% m\u00e4nskliga felfrekvens<\/strong> \u00f6vers\u00e4tts till ungef\u00e4r<br \/>\n<strong>92 certifikatdrivna avbrott per \u00e5r<\/strong>\u2014innan man tar h\u00e4nsyn till effekterna under rusningstid,<br \/>\nSLA-p\u00e5f\u00f6ljder, eller kaskadliknande fel \u00f6ver en hubb.<\/p>\n<h3>ACME i laddningsn\u00e4tverk: vad det b\u00f6r automatisera<\/h3>\n<p>ACME (Automated Certificate Management Environment) omvandlar f\u00f6rnyelser till policydrivna \u00e5tg\u00e4rder f\u00f6r:<\/p>\n<ul>\n<li>EVSE \u2194 backend-TLS<\/li>\n<li>Lokal styrenhet \/ Edge Proxy TLS<\/li>\n<li>Platsgateways och hubbkontroller<\/li>\n<\/ul>\n<p><strong>Systemlett arbetsfl\u00f6de (arkitekturm\u00f6nster)<\/strong><\/p>\n<ol>\n<li><strong>Lager<\/strong> varje slutpunkt (utgivare, serienummer, kedja, utg\u00e5ngsdatum, senaste rotation).<\/li>\n<li><strong>F\u00f6rnya-f\u00f6re-policy<\/strong> (f\u00f6rnya vid en fastst\u00e4lld tr\u00f6skel, inte &quot;n\u00e4ra utg\u00e5ng&quot;).<\/li>\n<li><strong>H\u00e5rdvarubaserade nycklar<\/strong> d\u00e4r det \u00e4r m\u00f6jligt; undvik att exportera privata nycklar.<\/li>\n<li><strong>Etappvis lansering<\/strong> med h\u00e4lsokontroller (handskakning + auktorisering + sessionsstart).<\/li>\n<li><strong>Automatisk \u00e5terst\u00e4llning<\/strong> p\u00e5 f\u00f6rh\u00f6jda felfrekvenser.<\/li>\n<li><strong>Bevisloggar<\/strong> f\u00f6r varje utf\u00e4rdande\/distribution (sp\u00e5rbarhet av efterlevnadsklass).<\/li>\n<\/ol>\n<p><strong>M\u00e4nniskoledd kontra systemledd<\/strong><\/p>\n<ul>\n<li>M\u00e4nniskoledda: \u00c4renden, kalkylblad, sena f\u00f6rnyelser, tvetydigt \u00e4garskap, riskabla n\u00f6d\u00e4ndringar.<\/li>\n<li>Systemledd: Deterministiska policyer, automatiserad utf\u00e4rdande, kontrollerad utrullning, kontinuerlig telemetri, granskningsbara bevis.<\/li>\n<\/ul>\n<h2>\u00c5terkallningskontroller: &quot;P&amp;C Killer&quot; (CRL vs OCSP, svaga n\u00e4tverk och f\u00f6rsvarbara policyer)<\/h2>\n<h3>Varf\u00f6r OCSP\/CRL misslyckas i garage och dep\u00e5er<\/h3>\n<ul>\n<li>Svag\/intermittent LTE\/5G<\/li>\n<li>Begr\u00e4nsad utg\u00e5ng (brandv\u00e4ggar\/captive portals)<\/li>\n<li>Latensk\u00e4nsliga valideringssteg<\/li>\n<li>Externa beroenden (OCSP-svarare, CRL-distributionspunkter)<\/li>\n<\/ul>\n<p>Resultat: EVSE kan starta en session men misslyckas med att slutf\u00f6ra <strong>\u00e5terkallelsevalidering<\/strong> tillf\u00f6rlitligt.<\/p>\n<h3>CRL vs OCSP: praktiska avv\u00e4gningar<\/h3>\n<ul>\n<li><strong>CRL:<\/strong> tyngre nedladdningar, men cachebara och uppdateras enligt schema (bra f\u00f6r kontinuitet i kanten).<\/li>\n<li><strong>OCSP:<\/strong> l\u00e4tt per beg\u00e4ran, men kr\u00e4ver ofta live-n\u00e5barhet vid den svagaste kanten.<\/li>\n<\/ul>\n<p>\u00c5r 2026 \u00e4r den korrekta h\u00e5llningen lager p\u00e5 lager:<\/p>\n<ul>\n<li>Schemalagd CRL-cachning f\u00f6r \u00e5terh\u00e4mtningsf\u00f6rm\u00e5ga<\/li>\n<li>OCSP d\u00e4r anslutningen \u00e4r tillf\u00f6rlitlig<\/li>\n<li>Uttrycklig policy f\u00f6r f\u00f6rs\u00e4mrade f\u00f6rh\u00e5llanden<\/li>\n<\/ul>\n<h3>Varf\u00f6r &quot;mjuka misslyckanden&quot; blir sv\u00e5rare att f\u00f6rsvara<\/h3>\n<p>Historiskt sett bevarade &quot;soft-fail&quot; (till\u00e5t session om \u00e5terkallningskontrollen kontrollerar timeout) tillg\u00e4ngligheten.<br \/>\n\u00c5r 2026 blir mjuka misslyckanden sv\u00e5rare att r\u00e4ttf\u00e4rdiga eftersom:<\/p>\n<ul>\n<li>Livsl\u00e4ngderna \u00e4r kortare (mindre tolerans f\u00f6r inaktuella antaganden)<\/li>\n<li>CRA:s rapporteringsklocka tvingar fram starkare incidentdisciplin och bevissp\u00e5rning<\/li>\n<\/ul>\n<p>En f\u00f6rsvarbar design kr\u00e4ver en tydlig, dokumenterad policy:<\/p>\n<ul>\n<li><strong>H\u00e5rdfel<\/strong> f\u00f6r offentliga\/h\u00f6griskmilj\u00f6er<\/li>\n<li><strong>N\u00e5d med bevis<\/strong> f\u00f6r slutna flottor (begr\u00e4nsat f\u00f6nster + kompenserande kontroller)<\/li>\n<li><strong>Bevisloggning<\/strong> f\u00f6r varje f\u00f6rs\u00e4mrat beslut<\/li>\n<\/ul>\n<h3>Arkitektoniska begr\u00e4nsningar (m\u00f6nster, inte produktl\u00f6ften)<\/h3>\n<p><strong>M\u00f6nster 1: F\u00f6rvalidering av kant + cachning<\/strong><\/p>\n<ul>\n<li>Cache-CRL:er med definierade uppdateringsf\u00f6nster<\/li>\n<li>Cache-mellanprodukter och validerade kedjor<\/li>\n<li>F\u00f6rh\u00e4mta under perioder med &quot;god anslutning&quot;<\/li>\n<\/ul>\n<p><strong>M\u00f6nster 2: OCSP-h\u00e4ftning (d\u00e4r det \u00e4r m\u00f6jligt)<\/strong><\/p>\n<p>OCSP-h\u00e4ftning flyttar \u00e5terkallningss\u00e4ker leverans bort fr\u00e5n den svagaste kanten \u2013 vilket minskar beroendet av CA-infrastruktur i realtid under sessionsuppr\u00e4ttandet.<\/p>\n<p><strong>Implementeringsnotering (inb\u00e4ddad verklighet):<\/strong> I EVSE-milj\u00f6er, bekr\u00e4fta st\u00f6d f\u00f6r h\u00e4ftningsrelaterad f\u00f6rl\u00e4ngning<br \/>\ni din inb\u00e4ddade TLS-stack och byggkonfiguration (t.ex. mbedTLS, wolfSSL) och validera beteende \u00f6ver \u00e4ldre h\u00e5rdvara,<br \/>\neftersom funktionens fullst\u00e4ndighet och minnes-\/RTOS-begr\u00e4nsningar varierar.<\/p>\n<p><strong>M\u00f6nster 3: Styrning av f\u00f6rtroenden med flera rotar<\/strong><\/p>\n<ul>\n<li>Enhetlig uppdateringskanal f\u00f6r f\u00f6rtroendelager f\u00f6r flera OEM-ankare<\/li>\n<li>Canary-uppdateringar + \u00e5terst\u00e4llning n\u00e4r fel i s\u00f6kv\u00e4gsbyggandet \u00f6kar<\/li>\n<\/ul>\n<p><strong>M\u00f6nster 4: Tidssynkroniseringsstyrning (ej f\u00f6rhandlingsbart)<\/strong><\/p>\n<ul>\n<li>NTP-policy (eller PTP d\u00e4r s\u00e5 \u00e4r l\u00e4mpligt)<\/li>\n<li>Drift\u00f6vervakning och varningstr\u00f6sklar<\/li>\n<li>Definierat beteende n\u00e4r klockor inte \u00e4r betrodda<\/li>\n<\/ul>\n<h2>Offline-kontinuitet: g\u00f6r att Plug &amp; Charge kan anv\u00e4ndas \u00e4ven vid fr\u00e5nkopplingar mellan edge och moln<\/h2>\n<h3>Vad offline-kontinuitet \u00e4r (och inte \u00e4r)<\/h3>\n<p>Offline-kontinuitet \u00e4r inte att &quot;kringg\u00e5 PKI&quot;. Det \u00e4r kontrollerad nedbrytning som bevarar:<\/p>\n<ul>\n<li>Nyckelintegritet och f\u00f6rtroendef\u00f6rvaring<\/li>\n<li>Granskningsbarhet f\u00f6r fakturering och incidenthantering<\/li>\n<li>Explicita gr\u00e4nser f\u00f6r vad som kan valideras lokalt (och hur l\u00e4nge)<\/li>\n<\/ul>\n<h3>Lokala styrenheter\/kantproxyer som tillg\u00e4nglighetsprimitiver<\/h3>\n<ul>\n<li>Underh\u00e5ll lokala f\u00f6rtroendecacher (ankare\/mellanliggande\/CRL:er)<\/li>\n<li>Till\u00e4mpa begr\u00e4nsade lokala auktoriseringspolicyer<\/li>\n<li>Buffertm\u00e4tning\/loggar f\u00f6r senare avst\u00e4mning<\/li>\n<li>Minska WAN-spr\u00e4ngningsradien genom att fungera som lokal slutpunkt f\u00f6r EVSE<\/li>\n<\/ul>\n<blockquote style=\"margin: 16px 0; padding: 12px 16px; border-left: 4px solid #ccc;\"><p><strong>Figur 2 (rekommenderad visuell visning): Edge Proxy som en Trust Cache p\u00e5 webbplatser med svagt n\u00e4tverk<\/strong><\/p>\n<p>(Visa EVSE:er som ansluter till en Edge Proxy\/Local Controller p\u00e5 plats. Proxyn underh\u00e5ller cachade f\u00f6rtroendeankare\/mellanprodukter,<br \/>\nschemalagd CRL-uppdatering, tidssynkroniserings\u00f6vervakning och bevisloggar; den buffrar h\u00e4ndelser till molnets CSMS\/PKI n\u00e4r uppl\u00e4nken \u00e4r instabil.)<\/p>\n<p><strong>K\u00e4rnbudskap:<\/strong> Edge-proxyer minskar beroendet av externa OCSP\/CRL-slutpunkter i realtid och m\u00f6jligg\u00f6r kontrollerad offline-kontinuitet utan att kringg\u00e5 PKI.<\/p><\/blockquote>\n<h2>CRA &amp; VMP: fr\u00e5n september 2026 rapporteringsfrister till en granskningsbar verksamhetsmodell<\/h2>\n<h3>Regler f\u00f6r kreditv\u00e4rderingsinstitutets rapportering: utformning f\u00f6r dygnet runt<\/h3>\n<p>Reglerna f\u00f6r kreditv\u00e4rderingsinstituts rapportering kr\u00e4ver att tillverkare anm\u00e4ler aktivt utnyttjade s\u00e5rbarheter och allvarliga incidenter som p\u00e5verkar<br \/>\nom s\u00e4kerheten f\u00f6r produkter med digitala element:<\/p>\n<ul>\n<li><strong>Tidig varning inom 24 timmar<\/strong> att bli medveten<\/li>\n<li><strong>Fullst\u00e4ndig anm\u00e4lan inom 72 timmar<\/strong><\/li>\n<li><strong>Slutrapport<\/strong> inom definierade f\u00f6nster (beroende p\u00e5 incidentklass)<\/li>\n<\/ul>\n<p>En storskalig Plug &amp; Charge-st\u00f6rning orsakad av mass\u00e5terkallelse eller en kompromiss mellan f\u00f6rtroendeankare <strong>kan kvalificera sig<\/strong><br \/>\nsom en allvarlig incident beroende p\u00e5 p\u00e5verkan och bevis f\u00f6r utnyttjande.<\/p>\n<h3>S\u00e5rbarhetshanteringsprocess (VMP): minsta m\u00f6jliga genomf\u00f6rbara funktioner<\/h3>\n<ol>\n<li><strong>Sanningen om flottan:<\/strong> tillg\u00e5ng + versionsinventering (EVSE-firmware, styrenhetsavbildningar, versioner av trust store).<\/li>\n<li><strong>SBOM-integration (dynamisk):<\/strong> SBOM mappad till utplacerbara artefakter; kontinuerlig korrelation med s\u00e5rbarhetsinformation.<\/li>\n<li><strong>VEX-driven exponeringshantering:<\/strong> Beh\u00e5ll VEX-satser f\u00f6r att skilja mellan &quot;n\u00e4rvarande men inte utnyttjande&quot; och &quot;utnyttjande i v\u00e5r implementering&quot;, vilket m\u00f6jligg\u00f6r trov\u00e4rdig avgr\u00e4nsning inom T+24-timmarsf\u00f6nstret.<\/li>\n<li><strong>Varf\u00f6r VEX \u00e4r viktigt under dygnet runt:<\/strong> SBOM ber\u00e4ttar vad som finns; VEX hj\u00e4lper dig att avg\u00f6ra vad som \u00e4r <strong>exploaterbar<\/strong>, vilket minskar falsklarm och f\u00f6rhindrar att driftsteam jagar ljud som inte kan utnyttjas.<\/li>\n<li><strong>Intag och triage:<\/strong> leverant\u00f6rsrekommendationer, CVE:er, interna resultat; prioritera utnyttjandem\u00f6jligheter + exponering.<\/li>\n<li><strong>T+24h-arbetsfl\u00f6de f\u00f6r omfattning:<\/strong> SBOM + VEX + inventeringskorrelation f\u00f6r att identifiera drabbade populationer; initiala beslut om inneslutning; bevisinsamling.<\/li>\n<li><strong>T+72h-meddelandearbetsfl\u00f6de:<\/strong> bekr\u00e4ftad omfattning, riskreducerande \u00e5tg\u00e4rder, utrullning\/\u00e5terst\u00e4llningsplan, kommunikationsregister.<\/li>\n<li><strong>Arbetsfl\u00f6de f\u00f6r slutrapport:<\/strong> valideringsbevis + grundorsak + f\u00f6rebyggande f\u00f6rb\u00e4ttringar efter att korrigerande \u00e5tg\u00e4rder \u00e4r tillg\u00e4ngliga.<\/li>\n<li><strong>Patchkadensteknik:<\/strong> etappvis utrullning, \u00e5terst\u00e4llningsplaner, signerade artefakter, verifieringsgrindar.<\/li>\n<li><strong>Till\u00e4mpning av f\u00f6rtroendekedjan:<\/strong> s\u00e4ker start + s\u00e4kra firmwareuppdateringar; signeringsnycklar skyddade i HSM\/s\u00e4kra element.<\/li>\n<li><strong>Evidensbaserad loggning:<\/strong> certifierade h\u00e4ndelser, \u00e4ndringar i f\u00f6rtroendearkiv, \u00e5terkallningsfel, h\u00e4lsotillst\u00e5nd f\u00f6r tidssynkronisering.<\/li>\n<\/ol>\n<p><strong>Scenario med h\u00f6g allvarlighetsgrad f\u00f6rtroende:<\/strong> Om \u00e5terkallelse utl\u00f6ses av en komprometterad rot- eller utf\u00e4rdande nyckel,<br \/>\nbehandla det som en f\u00f6rtroendeincident av h\u00f6gsta allvarlighetsgrad som kr\u00e4ver omedelbar inneslutning och \u00e5tg\u00e4rder f\u00f6r f\u00f6rtroendelagring i hela flottan,<br \/>\noch rapporteringsberedskap anpassad till CRA-myndigheten beroende p\u00e5 effekt och bevis f\u00f6r utnyttjande.<\/p>\n<h3>Checklista f\u00f6r nedr\u00e4kning av incidentrespons fr\u00e5n CRA (operativ mall)<\/h3>\n<h4>T+0 (Uppt\u00e4ckt \/ Medvetenhet)<\/h4>\n<ul>\n<li>Frys bevis: loggar, certifikath\u00e4ndelser, versioner av betrodda arkiv, status f\u00f6r tidssynkronisering<\/li>\n<li>Identifiera ber\u00f6rda ytor: EVSE-firmware, lokala styrenheter, backend-TLS-slutpunkter<\/li>\n<li>Anlita PKI-leverant\u00f6r\/kontakt f\u00f6r backend-s\u00e4kerhet<\/li>\n<\/ul>\n<h4>T+24h (Beredskap f\u00f6r tidig varning)<\/h4>\n<ul>\n<li><strong>K\u00e4rnm\u00e5l:<\/strong> Anv\u00e4nda <strong>SBOM + VEX + flottans inventering<\/strong> att fastst\u00e4lla den drabbade befolkningen och l\u00e4mna in en evidensbaserad tidig varning<\/li>\n<li>Best\u00e4m inneslutning: \u00e5terkalla\/rotera, \u00e5terst\u00e4llning av f\u00f6rtroendelagring, isolering av webbplats<\/li>\n<li>Utkast till tidig varning: omfattning, \u00e5tg\u00e4rder p\u00e5g\u00e5ende, interimistiskt st\u00e4llningstagande<\/li>\n<\/ul>\n<h4>T+72h (Fullst\u00e4ndig aviseringsberedskap)<\/h4>\n<ul>\n<li>Bekr\u00e4fta drabbade populationer per region\/plats; ange saneringsplan + utrullningsmetod<\/li>\n<li>Skapa kund-\/operat\u00f6rskommunikation och eskaleringsprotokoll<\/li>\n<\/ul>\n<h4>Slutrapportf\u00f6nster<\/h4>\n<ul>\n<li>Skicka in slutrapport i enlighet med CRA:s krav (tidpunkten beror p\u00e5 incidentklass)<\/li>\n<li>Bevis f\u00f6r validering efter fixering + l\u00e4rdomar<\/li>\n<\/ul>\n<h2>Kostnads- och riskkvantifiering (mallar som du kan l\u00e4gga till i din fordonsflotta)<\/h2>\n<h3>Manuell f\u00f6rnyelse av arbetskostnadsmodell<\/h3>\n<p>L\u00e5ta:<\/p>\n<ul>\n<li><code>N<\/code> = antal TLS-slutpunkter (EVSE + styrenheter + gateways + hanterade backend-noder)<\/li>\n<li><code>L<\/code> = cert livsl\u00e4ngd (dagar)<\/li>\n<li><code>t<\/code> = m\u00e4nsklig tid per f\u00f6rnyelse (timmar)<\/li>\n<li><code>c<\/code> = full arbetskostnad (USD\/timme)<\/li>\n<\/ul>\n<pre style=\"background: #f6f8fa; padding: 12px; overflow: auto;\"><code>Arbetskostnad \u2248 N \u00d7 (365 \/ L) \u00d7 t \u00d7 c<\/code><\/pre>\n<h3>Avbrottsriskmodell (utg\u00e5ngsdatum eller misslyckad drifts\u00e4ttning)<\/h3>\n<p>L\u00e5ta:<\/p>\n<ul>\n<li><code>P_miss<\/code> = sannolikhet f\u00f6r missad\/misslyckad f\u00f6rnyelse per cykel<\/li>\n<li><code>H_down<\/code> = f\u00f6rv\u00e4ntade stillest\u00e5ndstimmar per incident<\/li>\n<li><code>C_timme<\/code> = timp\u00e5verkan p\u00e5 verksamheten (f\u00f6rlorade int\u00e4kter, straffavgifter, SLA-krediter)<\/li>\n<\/ul>\n<pre style=\"background: #f6f8fa; padding: 12px; overflow: auto;\"><code>Avbrottskostnad \u2248 P_miss \u00d7 H_down \u00d7 C_timme<\/code><\/pre>\n<h2>Beslutsguide: N\u00e4r online\u00e5terkallningskontroller misslyckas (OCSP\/CRL Timeout)<\/h2>\n<ol>\n<li><strong>Offentlig plats eller sluten flotta\/dep\u00e5?<\/strong>\n<ul>\n<li>Offentlig \u2192 f\u00f6redra <strong>H\u00e5rdfel<\/strong> (eller strikt kontrollerad n\u00e5d endast med bevis + kompenserande kontroller)<\/li>\n<li>Flotta\/dep\u00e5 \u2192 <strong>N\u00e5d med bevis<\/strong> kan vara acceptabelt f\u00f6r begr\u00e4nsade f\u00f6nster<\/li>\n<\/ul>\n<\/li>\n<li><strong>\u00c4r n\u00e4tverkets tillf\u00f6rlitlighet f\u00f6ruts\u00e4gbar?<\/strong>\n<ul>\n<li>Ja \u2192 Online OCSP\/CRL + \u00f6vervakning<\/li>\n<li>Nej \u2192 <strong>F\u00f6rvalidering av Edge + cachning<\/strong> (CRL-uppdateringsf\u00f6nster, cachade kedjor)<\/li>\n<\/ul>\n<\/li>\n<li><strong>Kan du minska onlineberoendet under sessionen?<\/strong>\n<ul>\n<li>D\u00e4r det \u00e4r m\u00f6jligt \u2192 anta <strong>OCSP-h\u00e4ftm\u00f6nster<\/strong> (trycks\u00e4ker n\u00e4rmare kanten)<\/li>\n<\/ul>\n<\/li>\n<li><strong>Har ni bevisloggning + tidssynkroniseringsstyrning?<\/strong>\n<ul>\n<li>Om inte \u2192 \u00e5tg\u00e4rda dessa f\u00f6rst; degraderade policyer \u00e4r sv\u00e5ra att f\u00f6rsvara utan dem.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<h2>Praktisk ansvarsmatris (gr\u00e4nser som f\u00f6rhindrar avbrott)<\/h2>\n<table style=\"border-collapse: collapse; width: 100%;\" border=\"1\" cellspacing=\"0\" cellpadding=\"8\">\n<thead>\n<tr>\n<th>Roll<\/th>\n<th>Utgivning<\/th>\n<th>Godk\u00e4nnande<\/th>\n<th>Rapportering<\/th>\n<th>Uppdatera kadens<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>CPO:er<\/strong><\/td>\n<td>TLS\/identitetsstrategi; till\u00e4mpa automatisk f\u00f6rnyelse; underh\u00e5lla slutpunktsinventering; planera f\u00f6r CA-\u00f6verg\u00e5ngsbeteende (199-dagars utf\u00e4rdande fr\u00e5n 24 februari f\u00f6r DigiCert)<\/td>\n<td>Definiera policy f\u00f6r h\u00e5rda\/mjuka fel; aktualitet f\u00f6r \u00e5terkallelseartefakter; <strong>Styrning av tidssynkronisering<\/strong> (NTP\/PTP, drift\u00f6vervakning, varningar)<\/td>\n<td>Driva incidentplaner; driva CRA-anpassad rapporteringsberedskap (24 timmar\/72 timmar\/slutgiltigt)<\/td>\n<td>Kontinuerlig \u00f6vervakning av utg\u00e5ngsdatum; uppdatering av trust-store; akuta \u00e4ndringar av trust-ankare; tidssynkroniserade granskningar<\/td>\n<\/tr>\n<tr>\n<td><strong>EVSE-OEM:er<\/strong><\/td>\n<td>H\u00e5rdvarubaserad nyckellagring; enhetsidentitetsposition; automatiseringshooks; s\u00e4kra start-\/uppdateringsprimitiver<\/td>\n<td>TLS-status; kedjebyggande; \u00e5terkallningsbeteende; hantering av f\u00f6rtroendelagring; s\u00e4ker start + s\u00e4ker uppdateringskedja f\u00f6r firmware<\/td>\n<td>Hantering av produkts\u00e5rbarheter; r\u00e5dgivning; \u00e5tg\u00e4rdspaket; st\u00f6d f\u00f6r operat\u00f6rsrapportering med tekniska fakta<\/td>\n<td>Regelbundna utg\u00e5vor + n\u00f6dpatchar; definierade supportf\u00f6nster; handb\u00f6cker f\u00f6r nyckelrotation<\/td>\n<\/tr>\n<tr>\n<td><strong>Backend-\/V2G PKI-leverant\u00f6rer<\/strong><\/td>\n<td>Utgivning av kontraktsekosystem (d\u00e4r det ing\u00e5r); CA\/RA-operationer; utgivningspolicy<\/td>\n<td>Backend-validering; OCSP\/CRL-tillg\u00e4nglighet; styrning av f\u00f6rtroendeankare<\/td>\n<td>Tillhandah\u00e5ll fakta om incidenter\/s\u00e5rbarheter; st\u00f6dja bevispaket f\u00f6r tidslinjer f\u00f6r CRA<\/td>\n<td>T\u00e4ta uppdateringar av policyer\/f\u00f6rtroendeankare; OCSP\/CRL-motst\u00e5ndskraftsteknik; kontinuerlig \u00f6vervakning<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>Ordlista<\/h2>\n<ul>\n<li><strong>PKI:<\/strong> Infrastruktur f\u00f6r publika nycklar (utgivning, validering, f\u00f6rtroendeankare, \u00e5terkallelse)<\/li>\n<li><strong>H\u00d6JDPUNKT:<\/strong> Automatiserad certifikathanteringsmilj\u00f6 (automatiserad utf\u00e4rdande\/f\u00f6rnyelse)<\/li>\n<li><strong>OCSP \/ CRL:<\/strong> Protokoll f\u00f6r onlinecertifikatstatus \/ Lista \u00f6ver \u00e5terkallade certifikat<\/li>\n<li><strong>OCSP-h\u00e4ftning:<\/strong> Servern presenterar \u00e5terkallningsbevis f\u00f6r att minska beroendet av live OCSP<\/li>\n<li><strong>F\u00f6rtroendeankare:<\/strong> Rot-\/mellancertifikat som dina validerare litar p\u00e5<\/li>\n<li><strong>SBOM:<\/strong> Programvaruf\u00f6rteckning (komponentinventering f\u00f6r s\u00e5rbarhetsbed\u00f6mning)<\/li>\n<li><strong>F\u00d6RARGA:<\/strong> S\u00e5rbarhet Utnyttjande eXchange (statusutl\u00e5tanden om utnyttjande)<\/li>\n<li><strong>TLS 1.3:<\/strong> Modern TLS-profil; handskakning + certifikatvalidering f\u00f6rblir latensk\u00e4nslig<\/li>\n<li><strong>VMP:<\/strong> Process f\u00f6r s\u00e5rbarhetshantering (intag, triage, patchning, rapportering, bevis)<\/li>\n<\/ul>\n<h2>Fram\u00e5tblickande risk: Kryptoagilitet och PQC-beredskap<\/h2>\n<p>Medan 2026 domineras av korta TLS-livsl\u00e4ngder och rapportering fr\u00e5n CRA, b\u00f6r laddningsinfrastrukturer b\u00f6rja utv\u00e4rderas<br \/>\n<strong>kryptoagilitet<\/strong>Med l\u00e5nglivade tillg\u00e5ngar (fordon och laddare) b\u00f6r arkitekturer undvika h\u00e5rdvarul\u00e5sning genom att s\u00e4kerst\u00e4lla<br \/>\nHSM\/s\u00e4kra element och inb\u00e4ddade stackar kan st\u00f6dja framtida uppdateringar av algoritmer och certifikatprofiler utan att kr\u00e4va en h\u00e5rdvaruuppdatering.<\/p>\n<h2>Vanliga fr\u00e5gor<\/h2>\n<h3>Kan Plug &amp; Charge fungera offline?<\/h3>\n<p>Delvis \u2013 avsiktligt. Offline P&amp;C kontrolleras med hj\u00e4lp av lokal f\u00f6rtroendecachning (ankare\/mellanprodukter\/CRL:er d\u00e4r det \u00e4r m\u00f6jligt),<br \/>\nexplicita grace-policyer och buffrade revisionsloggar f\u00f6r avst\u00e4mning. Den b\u00f6r inte kringg\u00e5 PKI; den b\u00f6r minska beroendet av live-moln<br \/>\nsamtidigt som integritet och granskningsbarhet bevaras.<\/p>\n<h3>Hur ofta beh\u00f6ver vi f\u00f6rnya certifikat med en giltighetstid p\u00e5 under 199\/200 dagar?<\/h3>\n<p>Planera f\u00f6r flera f\u00f6rnyelsecykler per \u00e5r och slutpunkt. F\u00f6r m\u00e5nga operat\u00f6rer b\u00f6rjar den operativa \u00f6verg\u00e5ngen<br \/>\n<strong>24 februari 2026<\/strong> eftersom DigiCert kommer att utf\u00e4rda offentliga TLS-certifikat med maximalt <strong>199 dagar<\/strong> giltighet fr\u00e5n det datumet.<br \/>\nP\u00e5 en bredare ekosystemniv\u00e5 definierar baslinjekraven en etappvis minskning till <strong>200\/100\/47 dagar<\/strong>.<\/p>\n<h3>Vad utl\u00f6ser rapporteringsskyldigheter f\u00f6r kreditv\u00e4rderingsinstitut?<\/h3>\n<p>Regler f\u00f6r kreditv\u00e4rderingsinstitutets rapportering kr\u00e4ver <strong>24-timmars tidig varning<\/strong> och <strong>72-timmars avisering<\/strong> f\u00f6r aktivt utnyttjade s\u00e5rbarheter och allvarliga incidenter,<br \/>\nplus slutliga rapporteringsf\u00f6nster. En storskalig st\u00f6rning av P&amp;C-f\u00f6rtroendet (t.ex. skadlig \u00e5terkallelse eller valideringskompromiss) kan kvalificera beroende p\u00e5<br \/>\nbaserat p\u00e5 bevis p\u00e5 p\u00e5verkan och utnyttjande; en CRA-klar VMP b\u00f6r st\u00f6dja <strong>SBOM + VEX + flottans inventering<\/strong> omfattning inom de f\u00f6rsta 24 timmarna.<\/p>\n<\/article>","protected":false},"excerpt":{"rendered":"<p>TL;DR (Executive Action Summary) TLS cutover is a hard boundary (not a suggestion): From February 24, 2026, DigiCert will stop accepting public TLS certificate requests with validity greater than 199 days, and certificates issued from that date have a 199-day maximum validity. This is the practical cutover for many operators\u2014renewal velocity increases immediately. The 200\u2192100\u219247-day [&hellip;]<\/p>","protected":false},"author":3,"featured_media":37917,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[143,142,158,146,151,152,159,157,99,153,141,147,149,150,145,98,154,144,148,155,156],"class_list":["post-38532","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","tag-acme","tag-certificate-lifecycle","tag-cra-compliance","tag-crl","tag-cross-signing","tag-edge-proxy","tag-ev-charging-infrastructure-2026","tag-evse-security","tag-iso-15118","tag-local-controller","tag-ocsp","tag-ocsp-stapling","tag-offline-charging","tag-path-validation","tag-pki","tag-plug-charge","tag-sbom","tag-tls-1-3","tag-trust-anchors","tag-vex","tag-vulnerability-management"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>ISO 15118 Certificate Lifecycle Management in 2026 (TLS 199\/200-Day + CRA 24h\/72h)<\/title>\n<meta name=\"description\" content=\"Manage ISO 15118 certificates in 2026: 199\/200-day TLS renewals, ACME automation, revocation failures (OCSP\/CRL), offline Plug &amp; Charge, and CRA 24h\/72h reporting readiness.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.evb.com\/sv\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/\" \/>\n<meta property=\"og:locale\" content=\"sv_SE\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"ISO 15118 Certificate Lifecycle Management in 2026 (TLS 199\/200-Day + CRA 24h\/72h)\" \/>\n<meta property=\"og:description\" content=\"Manage ISO 15118 certificates in 2026: 199\/200-day TLS renewals, ACME automation, revocation failures (OCSP\/CRL), offline Plug &amp; Charge, and CRA 24h\/72h reporting readiness.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.evb.com\/sv\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/\" \/>\n<meta property=\"og:site_name\" content=\"EVB\" \/>\n<meta property=\"article:published_time\" content=\"2026-01-12T07:13:14+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-01-16T12:39:19+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.evb.com\/wp-content\/uploads\/2025\/12\/EVB-4-Guns-480kw-dc-ev-charger-with-energy-storage-battery.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"721\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"evb\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Skriven av\" \/>\n\t<meta name=\"twitter:data1\" content=\"evb\" \/>\n\t<meta name=\"twitter:label2\" content=\"Ber\u00e4knad l\u00e4stid\" \/>\n\t<meta name=\"twitter:data2\" content=\"11 minuter\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":[\"Article\",\"BlogPosting\"],\"@id\":\"https:\\\/\\\/www.evb.com\\\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.evb.com\\\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\\\/\"},\"author\":{\"name\":\"evb\",\"@id\":\"https:\\\/\\\/www.evb.com\\\/#\\\/schema\\\/person\\\/fe8f0137976034abdfd2ae4f8c5682d0\"},\"headline\":\"ISO 15118 Certificate Lifecycle Management in 2026: From TLS Urgency to CRA Compliance\",\"datePublished\":\"2026-01-12T07:13:14+00:00\",\"dateModified\":\"2026-01-16T12:39:19+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.evb.com\\\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\\\/\"},\"wordCount\":2523,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.evb.com\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.evb.com\\\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.evb.com\\\/wp-content\\\/uploads\\\/2025\\\/12\\\/EVB-4-Guns-480kw-dc-ev-charger-with-energy-storage-battery.webp\",\"keywords\":[\"ACME\",\"Certificate Lifecycle\",\"CRA Compliance\",\"CRL\",\"Cross-signing\",\"Edge Proxy\",\"EV Charging Infrastructure 2026\",\"EVSE Security\",\"ISO 15118\",\"Local Controller\",\"OCSP\",\"OCSP Stapling\",\"Offline Charging\",\"Path Validation\",\"PKI\",\"Plug &amp; Charge\",\"SBOM\",\"TLS 1.3\",\"Trust Anchors\",\"VEX\",\"Vulnerability Management\"],\"articleSection\":[\"Blog\"],\"inLanguage\":\"sv-SE\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.evb.com\\\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.evb.com\\\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\\\/\",\"url\":\"https:\\\/\\\/www.evb.com\\\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\\\/\",\"name\":\"ISO 15118 Certificate Lifecycle Management in 2026 (TLS 199\\\/200-Day + CRA 24h\\\/72h)\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.evb.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.evb.com\\\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.evb.com\\\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.evb.com\\\/wp-content\\\/uploads\\\/2025\\\/12\\\/EVB-4-Guns-480kw-dc-ev-charger-with-energy-storage-battery.webp\",\"datePublished\":\"2026-01-12T07:13:14+00:00\",\"dateModified\":\"2026-01-16T12:39:19+00:00\",\"description\":\"Manage ISO 15118 certificates in 2026: 199\\\/200-day TLS renewals, ACME automation, revocation failures (OCSP\\\/CRL), offline Plug & Charge, and CRA 24h\\\/72h reporting readiness.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.evb.com\\\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\\\/#breadcrumb\"},\"inLanguage\":\"sv-SE\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.evb.com\\\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"sv-SE\",\"@id\":\"https:\\\/\\\/www.evb.com\\\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.evb.com\\\/wp-content\\\/uploads\\\/2025\\\/12\\\/EVB-4-Guns-480kw-dc-ev-charger-with-energy-storage-battery.webp\",\"contentUrl\":\"https:\\\/\\\/www.evb.com\\\/wp-content\\\/uploads\\\/2025\\\/12\\\/EVB-4-Guns-480kw-dc-ev-charger-with-energy-storage-battery.webp\",\"width\":1280,\"height\":721,\"caption\":\"EVB 4 Guns 480kw dc ev charger with energy storage battery\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.evb.com\\\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.evb.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"ISO 15118 Certificate Lifecycle Management in 2026: From TLS Urgency to CRA Compliance\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.evb.com\\\/#website\",\"url\":\"https:\\\/\\\/www.evb.com\\\/\",\"name\":\"EVB\",\"description\":\"Smart EV Charging &amp; Energy Storage Solutions\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.evb.com\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.evb.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"sv-SE\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.evb.com\\\/#organization\",\"name\":\"EVB\",\"url\":\"https:\\\/\\\/www.evb.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"sv-SE\",\"@id\":\"https:\\\/\\\/www.evb.com\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.evb.com\\\/wp-content\\\/uploads\\\/2021\\\/03\\\/evb-3.png\",\"contentUrl\":\"https:\\\/\\\/www.evb.com\\\/wp-content\\\/uploads\\\/2021\\\/03\\\/evb-3.png\",\"width\":605,\"height\":626,\"caption\":\"EVB\"},\"image\":{\"@id\":\"https:\\\/\\\/www.evb.com\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.evb.com\\\/#\\\/schema\\\/person\\\/fe8f0137976034abdfd2ae4f8c5682d0\",\"name\":\"evb\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"sv-SE\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/6919cc4e91e3745783933e1263b15b0bed21b5e46f2b1e21643aa8b29240d0f7?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/6919cc4e91e3745783933e1263b15b0bed21b5e46f2b1e21643aa8b29240d0f7?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/6919cc4e91e3745783933e1263b15b0bed21b5e46f2b1e21643aa8b29240d0f7?s=96&d=mm&r=g\",\"caption\":\"evb\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"ISO 15118 Certificate Lifecycle Management in 2026 (TLS 199\/200-Day + CRA 24h\/72h)","description":"Manage ISO 15118 certificates in 2026: 199\/200-day TLS renewals, ACME automation, revocation failures (OCSP\/CRL), offline Plug & Charge, and CRA 24h\/72h reporting readiness.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.evb.com\/sv\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/","og_locale":"sv_SE","og_type":"article","og_title":"ISO 15118 Certificate Lifecycle Management in 2026 (TLS 199\/200-Day + CRA 24h\/72h)","og_description":"Manage ISO 15118 certificates in 2026: 199\/200-day TLS renewals, ACME automation, revocation failures (OCSP\/CRL), offline Plug & Charge, and CRA 24h\/72h reporting readiness.","og_url":"https:\/\/www.evb.com\/sv\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/","og_site_name":"EVB","article_published_time":"2026-01-12T07:13:14+00:00","article_modified_time":"2026-01-16T12:39:19+00:00","og_image":[{"width":1280,"height":721,"url":"https:\/\/www.evb.com\/wp-content\/uploads\/2025\/12\/EVB-4-Guns-480kw-dc-ev-charger-with-energy-storage-battery.webp","type":"image\/webp"}],"author":"evb","twitter_card":"summary_large_image","twitter_misc":{"Skriven av":"evb","Ber\u00e4knad l\u00e4stid":"11 minuter"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":["Article","BlogPosting"],"@id":"https:\/\/www.evb.com\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/#article","isPartOf":{"@id":"https:\/\/www.evb.com\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/"},"author":{"name":"evb","@id":"https:\/\/www.evb.com\/#\/schema\/person\/fe8f0137976034abdfd2ae4f8c5682d0"},"headline":"ISO 15118 Certificate Lifecycle Management in 2026: From TLS Urgency to CRA Compliance","datePublished":"2026-01-12T07:13:14+00:00","dateModified":"2026-01-16T12:39:19+00:00","mainEntityOfPage":{"@id":"https:\/\/www.evb.com\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/"},"wordCount":2523,"commentCount":0,"publisher":{"@id":"https:\/\/www.evb.com\/#organization"},"image":{"@id":"https:\/\/www.evb.com\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/#primaryimage"},"thumbnailUrl":"https:\/\/www.evb.com\/wp-content\/uploads\/2025\/12\/EVB-4-Guns-480kw-dc-ev-charger-with-energy-storage-battery.webp","keywords":["ACME","Certificate Lifecycle","CRA Compliance","CRL","Cross-signing","Edge Proxy","EV Charging Infrastructure 2026","EVSE Security","ISO 15118","Local Controller","OCSP","OCSP Stapling","Offline Charging","Path Validation","PKI","Plug &amp; Charge","SBOM","TLS 1.3","Trust Anchors","VEX","Vulnerability Management"],"articleSection":["Blog"],"inLanguage":"sv-SE","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.evb.com\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.evb.com\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/","url":"https:\/\/www.evb.com\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/","name":"ISO 15118 Certificate Lifecycle Management in 2026 (TLS 199\/200-Day + CRA 24h\/72h)","isPartOf":{"@id":"https:\/\/www.evb.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.evb.com\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/#primaryimage"},"image":{"@id":"https:\/\/www.evb.com\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/#primaryimage"},"thumbnailUrl":"https:\/\/www.evb.com\/wp-content\/uploads\/2025\/12\/EVB-4-Guns-480kw-dc-ev-charger-with-energy-storage-battery.webp","datePublished":"2026-01-12T07:13:14+00:00","dateModified":"2026-01-16T12:39:19+00:00","description":"Manage ISO 15118 certificates in 2026: 199\/200-day TLS renewals, ACME automation, revocation failures (OCSP\/CRL), offline Plug & Charge, and CRA 24h\/72h reporting readiness.","breadcrumb":{"@id":"https:\/\/www.evb.com\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/#breadcrumb"},"inLanguage":"sv-SE","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.evb.com\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/"]}]},{"@type":"ImageObject","inLanguage":"sv-SE","@id":"https:\/\/www.evb.com\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/#primaryimage","url":"https:\/\/www.evb.com\/wp-content\/uploads\/2025\/12\/EVB-4-Guns-480kw-dc-ev-charger-with-energy-storage-battery.webp","contentUrl":"https:\/\/www.evb.com\/wp-content\/uploads\/2025\/12\/EVB-4-Guns-480kw-dc-ev-charger-with-energy-storage-battery.webp","width":1280,"height":721,"caption":"EVB 4 Guns 480kw dc ev charger with energy storage battery"},{"@type":"BreadcrumbList","@id":"https:\/\/www.evb.com\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.evb.com\/"},{"@type":"ListItem","position":2,"name":"ISO 15118 Certificate Lifecycle Management in 2026: From TLS Urgency to CRA Compliance"}]},{"@type":"WebSite","@id":"https:\/\/www.evb.com\/#website","url":"https:\/\/www.evb.com\/","name":"EVB","description":"Smart EV Charging &amp; Energy Storage Solutions","publisher":{"@id":"https:\/\/www.evb.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.evb.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"sv-SE"},{"@type":"Organization","@id":"https:\/\/www.evb.com\/#organization","name":"EVB","url":"https:\/\/www.evb.com\/","logo":{"@type":"ImageObject","inLanguage":"sv-SE","@id":"https:\/\/www.evb.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.evb.com\/wp-content\/uploads\/2021\/03\/evb-3.png","contentUrl":"https:\/\/www.evb.com\/wp-content\/uploads\/2021\/03\/evb-3.png","width":605,"height":626,"caption":"EVB"},"image":{"@id":"https:\/\/www.evb.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.evb.com\/#\/schema\/person\/fe8f0137976034abdfd2ae4f8c5682d0","name":"evb","image":{"@type":"ImageObject","inLanguage":"sv-SE","@id":"https:\/\/secure.gravatar.com\/avatar\/6919cc4e91e3745783933e1263b15b0bed21b5e46f2b1e21643aa8b29240d0f7?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/6919cc4e91e3745783933e1263b15b0bed21b5e46f2b1e21643aa8b29240d0f7?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/6919cc4e91e3745783933e1263b15b0bed21b5e46f2b1e21643aa8b29240d0f7?s=96&d=mm&r=g","caption":"evb"}}]}},"_links":{"self":[{"href":"https:\/\/www.evb.com\/sv\/wp-json\/wp\/v2\/posts\/38532","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.evb.com\/sv\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.evb.com\/sv\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.evb.com\/sv\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.evb.com\/sv\/wp-json\/wp\/v2\/comments?post=38532"}],"version-history":[{"count":5,"href":"https:\/\/www.evb.com\/sv\/wp-json\/wp\/v2\/posts\/38532\/revisions"}],"predecessor-version":[{"id":38581,"href":"https:\/\/www.evb.com\/sv\/wp-json\/wp\/v2\/posts\/38532\/revisions\/38581"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.evb.com\/sv\/wp-json\/wp\/v2\/media\/37917"}],"wp:attachment":[{"href":"https:\/\/www.evb.com\/sv\/wp-json\/wp\/v2\/media?parent=38532"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.evb.com\/sv\/wp-json\/wp\/v2\/categories?post=38532"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.evb.com\/sv\/wp-json\/wp\/v2\/tags?post=38532"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}