{"id":38532,"date":"2026-01-12T15:13:14","date_gmt":"2026-01-12T07:13:14","guid":{"rendered":"https:\/\/www.evb.com\/?p=38532"},"modified":"2026-01-16T20:39:19","modified_gmt":"2026-01-16T12:39:19","slug":"iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance","status":"publish","type":"post","link":"https:\/\/www.evb.com\/uz\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/","title":{"rendered":"2026-yilda ISO 15118 sertifikatining hayot aylanishini boshqarish: TLS shoshilinchligidan CRA muvofiqligigacha"},"content":{"rendered":"<article>\n<div class=\"mceTemp\"><\/div>\n<figure id=\"attachment_36118\" aria-describedby=\"caption-attachment-36118\" style=\"width: 635px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-36118\" title=\"EVB zaryadlash va energiya saqlash mahsulot liniyasiga umumiy nuqtai nazar\" src=\"https:\/\/www.evb.com\/wp-content\/uploads\/2025\/11\/20251119-212027.jpeg\" alt=\"AC va DC EV zaryadlovchi qurilmalari va tijorat energiya saqlash tizimlarining EVB portfeli\" width=\"635\" height=\"397\" srcset=\"https:\/\/www.evb.com\/wp-content\/uploads\/2025\/11\/20251119-212027.jpeg 2560w, https:\/\/www.evb.com\/wp-content\/uploads\/2025\/11\/20251119-212027-1536x960.jpeg 1536w, https:\/\/www.evb.com\/wp-content\/uploads\/2025\/11\/20251119-212027-2048x1280.jpeg 2048w, https:\/\/www.evb.com\/wp-content\/uploads\/2025\/11\/20251119-212027-18x12.jpeg 18w, https:\/\/www.evb.com\/wp-content\/uploads\/2025\/11\/20251119-212027-600x375.jpeg 600w, https:\/\/www.evb.com\/wp-content\/uploads\/2025\/11\/20251119-212027-768x480.jpeg 768w\" sizes=\"auto, (max-width: 635px) 100vw, 635px\" \/><figcaption id=\"caption-attachment-36118\" class=\"wp-caption-text\"><a href=\"https:\/\/www.evb.com\/uz\/\">EVB AC va DC EV zaryadlovchilarining to&#039;liq assortimentini taklif etadi<\/a><\/figcaption><\/figure>\n<h2>TL;DR (Ijroiya harakatlarining qisqacha mazmuni)<\/h2>\n<ul>\n<li><strong>TLS uzilishi qiyin chegara (taklif emas):<\/strong> Kimdan <strong>2026-yil 24-fevral<\/strong>, DigiCert bo&#039;ladi <strong>qabul qilishni to&#039;xtating<\/strong> amal qilish muddatiga ega ommaviy TLS sertifikat so&#039;rovlari <strong>199 kundan ortiq<\/strong>va o&#039;sha sanadan boshlab berilgan sertifikatlar a <strong>Maksimal amal qilish muddati 199 kun<\/strong>Bu ko&#039;plab operatorlar uchun amaliy o&#039;zgarishdir \u2014 yangilanish tezligi darhol oshadi.<\/li>\n<li><strong>200\u2192100\u219247 kunlik yo&#039;l xaritasi allaqachon aniqlangan:<\/strong> CA\/Brauzer Forumining Asosiy Talablari bosqichma-bosqich qisqartirishni belgilaydi: <strong>2026-yil 15-martdan boshlab 200 kun<\/strong>, <strong>2027-yil 15-martdan boshlab 100 kun<\/strong>, va <strong>2029-yil 15-martdan boshlab 47 kun<\/strong>.<\/li>\n<li><strong>CRA muvofiqlik soatini qo&#039;shadi:<\/strong> CRA hisobot berish qoidalari talab qiladi <strong>24 soat ichida erta ogohlantirish<\/strong>, <strong>72 soat ichida to&#039;liq xabarnoma<\/strong>va faol ravishda foydalanilgan zaifliklar va jiddiy hodisalar uchun yakuniy hisobot berish oynalarini aniqladi.<\/li>\n<li><strong>Yashirin xavfning asosiy sababi amal qilish muddati emas:<\/strong> Tizimli nosozlik rejimi <strong>ishonch langari drifti<\/strong>\u2014EVSE, mahalliy kontrollerlar va orqa tomonni tasdiqlash yo&#039;llarida ildizlar\/oraliqlar\/o&#039;zaro imzolash o&#039;zgarishlari sinxronlashmagan.<\/li>\n<li><strong>Ish vaqtini himoya qilish uchun birinchi investitsiya:<\/strong> Tizimga asoslangan avtomatlashtirish (ACME + inventarizatsiya + bosqichma-bosqich joriy etish) plyus <strong>chekka uzluksizligi<\/strong> (mahalliy tasdiqlash\/keshlash, dalillar jurnallari va vaqtni sinxronlashtirishni boshqarish).<\/li>\n<\/ul>\n<h2>Kirish: 2026-yilda Plug &amp; Charge operatsion tizimga aylanadi<\/h2>\n<p>2026-yilda Plug &amp; Charge (P&amp;C) &quot;sozlang va unuting&quot; funksiyasi bo&#039;lishdan to&#039;xtaydi va ... ga aylanadi. <strong>uzluksiz operatsion tizim<\/strong>.<br \/>\nISO 15118 ishonch darajasi (PKI + TLS + bekor qilish + yangilanishlar) endi qo&#039;lda bajariladigan ish jarayonlariga toqat qilmaydigan vaqt jadvallari bilan boshqariladi.<\/p>\n<p>Tizim chegarasini \u2014 ISO 15118 nima uchun javobgar ekanligini va OCPP nima uchun javobgar ekanligini tushunish uchun bizning qo&#039;shimcha maqolamizdan boshlang:<br \/>\n<a href=\"https:\/\/www.evb.com\/uz\/iso-15118-ocpp-in-2026-real-world-deployment-pki-and-grid-readiness\/\">ISO 15118 va OCPP joylashtirish haqiqati 2026-yilda<\/a>.<\/p>\n<p>Darhol bosim <strong>TLS hayot aylanishini siqish<\/strong>Operatsion jihatdan siz &quot;martgacha kuta&quot; olmaysiz.<br \/>\nDigiCert bo&#039;ladi <strong>qabul qilishni to&#039;xtating<\/strong> ommaviy TLS so&#039;rovlari oshib ketdi <strong>199 kun<\/strong> boshlang&#039;ich <strong>2026-yil 24-fevral<\/strong>,<br \/>\nva o&#039;sha kundan boshlab berilgan sertifikatlar quyidagilarga ega bo&#039;ladi <strong>Maksimal amal qilish muddati 199 kun<\/strong>.<br \/>\nDigiCert shuningdek, muhim operatsion tafsilotni ta&#039;kidlaydi: ruxsat etilgan maksimal amal qilish muddati quyidagilar bilan belgilanadi <strong>berilgan sana<\/strong>, buyurtma berilganda emas.<\/p>\n<p>Shu bilan birga, Yevropa Ittifoqining Kiber Chidamlilik to&#039;g&#039;risidagi qonuni (CRA) ikkinchi soatni joriy etadi: hisobot berish qoidalari talab qiladi<br \/>\n<strong>24 soatlik erta ogohlantirish<\/strong> va <strong>72 soatlik bildirishnoma<\/strong> raqamli elementlarga ega mahsulotlarga ta&#039;sir qiluvchi faol ravishda foydalanilgan zaifliklar va jiddiy hodisalar uchun.<\/p>\n<p>Ushbu qo&#039;llanma ushbu cheklovlar ostida ISO 15118 sertifikatlarini ishlatish uchun arxitektura va xavflarni boshqarishga qaratilgan.<\/p>\n<h2>2024\u20132026 yillardagi muhim bosqichlar va zarur harakatlar (Matn Gantt)<\/h2>\n<table style=\"border-collapse: collapse; width: 100%;\" border=\"1\" cellspacing=\"0\" cellpadding=\"8\">\n<thead>\n<tr>\n<th>Deraza<\/th>\n<th>2024-yil 2-chorak<\/th>\n<th>2025 H1<\/th>\n<th>2025-yil 2-chorak<\/th>\n<th><strong>2026-yil 24-fevral<\/strong><\/th>\n<th><strong>2026-yil 15-mart<\/strong><\/th>\n<th><strong>2026-yil 11-sentabr<\/strong><\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>Tashqi o&#039;zgarish<\/strong><\/td>\n<td>CA o&#039;tish signallari<\/td>\n<td>Uchuvchi avtomatlashtirish<\/td>\n<td>Ishonchli langar matkaplari<\/td>\n<td><strong>DigiCert 199 kunlik emissiya boshlandi<\/strong><\/td>\n<td><strong>200 kunlik BR cheklov bosqichi boshlanadi<\/strong><\/td>\n<td>CRA hisobot majburiyatlari faol (ko&#039;rsatmalarga muvofiq)<\/td>\n<\/tr>\n<tr>\n<td><strong>Nima qilsa bo&#039;ladi<\/strong><\/td>\n<td>Inventarizatsiya tugash nuqtalari<\/td>\n<td>ACME uchuvchisi + telemetriya<\/td>\n<td>Oflayn strategiya + ishonch do&#039;konini joriy etish<\/td>\n<td>Qo&#039;lda yangilash yo&#039;llarini muzlatib qo&#039;ying<\/td>\n<td>To&#039;liq tizimga asoslangan yangilanishlar<\/td>\n<td>CRA stol usti + dalillarni o&#039;rganish mashqlarini bajaring<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><strong>Operatsion eslatma:<\/strong> 2026-yil 24-fevral ko&#039;pincha haqiqiy yakuniy nuqtadir, chunki emissiya xatti-harakatlari yirik CAlarga qaraganda o&#039;zgaradi.<\/p>\n<p><strong>Siyosat eslatmasi:<\/strong> Bosqichma-bosqich umr bo&#039;yi qisqartirishlar Asosiy talablarda (200\/100\/47 kun) belgilangan.<\/p>\n<h2>Hayotiy tsikl manzarasi: Ta&#039;minot \u2192 Operatsiya \u2192 Yangilash \u2192 Bekor qilish<\/h2>\n<h3>Hayotiy tsikl xaritasi (nimalarni boshqarishingiz kerak)<\/h3>\n<ol>\n<li><strong>OEM ta&#039;minoti:<\/strong> Kalitlar yaratildi\/in&#039;ektsiya qilindi; ishonch ildizi o&#039;rnatildi (HSM\/xavfsiz element).<\/li>\n<li><strong>Shartnoma asosida ro&#039;yxatdan o&#039;tish:<\/strong> Foydalanuvchi shartnomalariga bog&#039;liq shartnoma sertifikatlari (ekotizimga bog&#039;liq).<\/li>\n<li><strong>EVSE ni ishga tushirish:<\/strong> Ishonch do&#039;konining asosiy ko&#039;rsatkichlari, siyosatlari va vaqtni sinxronlashtirish bazaviy ko&#039;rsatkichlari o&#039;rnatildi.<\/li>\n<li><strong>Operatsion tasdiqlash:<\/strong> TLS aloqalari, zanjir yaratish, bekor qilishni tekshirish, siyosatni amalga oshirish.<\/li>\n<li><strong>Yangilash \/ qayta chiqarish:<\/strong> Avtomatlashtirish + bosqichma-bosqich joriy etish + orqaga qaytarish.<\/li>\n<li><strong>Bekor qilish \/ hodisaga javob:<\/strong> Murosaga kelish\/noto&#039;g&#039;ri berish\/foydalanish \u2192 bekor qilish\/aylantirish\/tiklash.<\/li>\n<li><strong>Qayta tiklash va yarashtirish:<\/strong> Auditlash imkoniyati va hisob-kitoblarning yaxlitligini saqlab qolgan holda xizmatni tiklash.<\/li>\n<\/ol>\n<h3>Kam baholangan muvaffaqiyatsizlik nuqtasi: Ishonchli Anchor Drift<\/h3>\n<p>Ko&#039;p OEM muhitlaridagi &quot;sirli P&amp;C nosozliklari&quot;ning aksariyati bitta muddati o&#039;tgan sertifikat emas - ular<br \/>\n<strong>yo&#039;lni tekshirishdagi xatolar<\/strong> ishonch langari siljishi natijasida yuzaga kelgan:<\/p>\n<ul>\n<li>Yangi ildizlar\/oraliqlar paydo bo&#039;ladi (ko&#039;p ildizli haqiqat).<\/li>\n<li><strong>Xoch imzolash<\/strong> o&#039;zgarishlar mumkin bo&#039;lgan zanjirlarni o&#039;zgartiradi.<\/li>\n<li>Backend ishonch do&#039;konlari EVSE\/mahalliy kontrollerlarga qaraganda tezroq yangilanadi.<\/li>\n<li>Bekor qilish artefaktlari chekkada eskiradi.<\/li>\n<\/ul>\n<p>Ishonch langari yangilanishlarini xavfsizlik uchun muhim o&#039;zgarish jarayoni sifatida ko&#039;rib chiqing:<\/p>\n<ul>\n<li>Versiyalangan ishonch do&#039;konlari<\/li>\n<li>Kanareykalarni joylashtirish<\/li>\n<li>Orqaga qaytarish rejalari<\/li>\n<li>Emitent\/seriya\/yo&#039;l tomonidan tasdiqlashdagi xatoliklar bo&#039;yicha telemetriya<\/li>\n<li>\u201cKim nimani, qachon yangilaydi\u201d uchun aniq egasi<\/li>\n<\/ul>\n<p><strong>Xoch imzolash va yo&#039;l qurishdagi muvaffaqiyatsizliklar (2026 yilgi haqiqat):<\/strong> Ko&#039;p ildizli ISO 15118 ekotizimlarida,<br \/>\nPlug &amp; Charge ko&#039;pincha sertifikat yaroqsiz bo&#039;lgani uchun emas, balki EVSE haqiqiy sertifikatni yarata olmagani uchun ishlamay qoladi.<br \/>\n<strong>sertifikat yo&#039;li<\/strong> o&#039;zaro imzolangan o&#039;zgarishlardan so&#039;ng (yangi oraliq mahsulotlar, ko&#039;prik CAlari, qayta chiqarilgan zanjirlar).<br \/>\nKo&#039;proq OEM va PKI domenlari birlashgani sari, yo&#039;lning murakkabligi oshadi. Agar chekka ishonch omborlari (EVSE\/mahalliy kontrollerlar) bo&#039;lsa<br \/>\norqa tomon yangilanishlaridan orqada qolsa, TLS aloqalari hatto orqa tomon sertifikatlari alohida &quot;haqiqiy&quot; ko&#039;rinsa ham muvaffaqiyatsiz bo&#039;lishi mumkin.<\/p>\n<blockquote style=\"margin: 16px 0; padding: 12px 16px; border-left: 4px solid #ccc;\"><p><strong>1-rasm (Tavsiya etilgan vizual): Multi-Root ISO 15118 da yo&#039;lni tekshirish<\/strong><\/p>\n<p>(V2G Root \/ OEM Root \/ Contract Root, oraliq mahsulotlar va o&#039;zaro faoliyat belgili ko&#039;priklarni ko&#039;rsating.)<br \/>\nAgar ishonchli do&#039;konlar sinxron ravishda yangilanmasa, yangi o&#039;zaro imzolangan oraliq vosita EVSEda yo&#039;l qurishni to&#039;xtatadigan joyni belgilang.)<\/p>\n<p><strong>Asosiy xabar:<\/strong> Aslida, elektr ta&#039;minoti va konditsionerlikdagi uzilishlarning aksariyati &quot;PKI&quot; tufayli yuzaga keladi. <strong>yo&#039;lni tekshirishdagi xatolar<\/strong> o&#039;zaro imzolash drifti va sinxronlashtirilmagan ishonch do&#039;konlari tomonidan boshqariladi.<\/p><\/blockquote>\n<h2>ACME va avtomatlashtirish: 199\/200 kunlik umr ko&#039;rish muddati davomida inson tomonidan boshqariladigan va tizim tomonidan boshqariladigan<\/h2>\n<h3>Nima uchun qo&#039;lda yangilash deterministik uzilish generatoriga aylanadi<\/h3>\n<p>Qisqa muddatlar yangilanishlarni uzluksiz qiladi. DigiCertning o&#039;tishi <strong>2026-yil 24-fevraldan boshlab 199 kun<\/strong><br \/>\nbuni ko&#039;plab parklar uchun darhol ishga tushirishga imkon beradi. Va kengroq sanoat vaqt jadvali allaqachon aniqlangan:<br \/>\n<strong>200 kun<\/strong> (2026-yil 15-martdan), keyin <strong>100 kun<\/strong>, keyin <strong>47 kun<\/strong>.<\/p>\n<p>Har qanday flot uchun yangilanish tadbirlari quyidagicha miqyoslanadi:<\/p>\n<pre style=\"background: #f6f8fa; padding: 12px; overflow: auto;\"><code>Yiliga yangilanish hodisalari \u2248 N \u00d7 (365 \/ L)<\/code><\/pre>\n<p>Qayerda <code>N<\/code> TLS so&#039;nggi nuqtalari soni va <code>L<\/code> sertifikat umrbod amal qiladi (kunlar).<br \/>\nAs <code>L<\/code> kamayadi, inson tomonidan boshqariladigan yangilanish ish vaqti maqsadlari bilan matematik jihatdan mos kelmaydi.<\/p>\n<h3>Stsenariy (Doska darajasidagi o&#039;lchamlar)<\/h3>\n<p>CPO faoliyati uchun <strong>5000 ta so&#039;nggi nuqta<\/strong>, 199 kunlik umr quyidagilarni anglatadi:<\/p>\n<pre style=\"background: #f6f8fa; padding: 12px; overflow: auto;\"><code>Yangilanish tadbirlari\/yil \u2248 5000 \u00d7 (365 \/ 199) \u2248 9,171<\/code><\/pre>\n<p>Bu miqyosda, hatto a <strong>1% inson xato darajasi<\/strong> taxminan tarjima qilinadi<br \/>\n<strong>Yiliga 92 ta sertifikatga asoslangan uzilishlar<\/strong>\u2014 eng yuqori soatlardagi ta&#039;sirni hisobga olishdan oldin,<br \/>\nSLA jarimalari yoki markaz bo&#039;ylab kaskadli nosozliklar.<\/p>\n<h3>Zaryadlash tarmoqlarida ACME: nimani avtomatlashtirishi kerak<\/h3>\n<p>ACME (Avtomatlashtirilgan sertifikatlarni boshqarish muhiti) quyidagilar uchun yangilanishlarni siyosatga asoslangan operatsiyalarga aylantiradi:<\/p>\n<ul>\n<li>EVSE \u2194 orqa TLS<\/li>\n<li>Mahalliy kontroller \/ chekka proksi-server TLS<\/li>\n<li>Sayt shlyuzlari va markaz kontrollerlari<\/li>\n<\/ul>\n<p><strong>Tizimga asoslangan ish jarayoni (arxitektura naqshlari)<\/strong><\/p>\n<ol>\n<li><strong>Inventarizatsiya<\/strong> har bir oxirgi nuqta (emitent, seriya raqami, zanjir, amal qilish muddati, oxirgi aylanish).<\/li>\n<li><strong>Yangilashdan oldingi siyosat<\/strong> (&quot;muddati tugashiga yaqin&quot; emas, balki belgilangan chegarada yangilang).<\/li>\n<li><strong>Uskuna bilan ta&#039;minlangan kalitlar<\/strong> iloji bo&#039;lsa; shaxsiy kalitlarni eksport qilishdan saqlaning.<\/li>\n<li><strong>Bosqichma-bosqich tarqatish<\/strong> sog&#039;liqni saqlash tekshiruvlari bilan (qo&#039;l berib ko&#039;rishish + avtorizatsiya + sessiya boshlanishi).<\/li>\n<li><strong>Avtomatik orqaga qaytarish<\/strong> yuqori darajadagi nosozliklar bo&#039;yicha.<\/li>\n<li><strong>Dalillar jurnallari<\/strong> har bir chiqarish\/joylashtirish uchun (muvofiqlik darajasidagi kuzatuv).<\/li>\n<\/ol>\n<p><strong>Inson boshchiligidagi va tizim boshchiligidagi<\/strong><\/p>\n<ul>\n<li>Inson tomonidan boshqariladigan: Chiptalar, elektron jadvallar, kechiktirilgan yangilanishlar, noaniq egalik, xavfli favqulodda o&#039;zgarishlar.<\/li>\n<li>Tizimga asoslangan: Deterministik siyosatlar, avtomatlashtirilgan chiqarish, nazorat ostida joriy etish, uzluksiz telemetriya, audit qilinadigan dalillar.<\/li>\n<\/ul>\n<h2>Bekor qilish tekshiruvlari: \u201cP&amp;C qotili\u201d (CRL va OCSP, zaif tarmoqlar va himoyalanadigan siyosatlar)<\/h2>\n<h3>Nima uchun OCSP\/CRL garajlar va omborlarda ishlamay qoladi<\/h3>\n<ul>\n<li>Zaif\/vaqtinchalik LTE\/5G<\/li>\n<li>Cheklangan chiqish (xavfsizlik devorlari\/maxfiy portallar)<\/li>\n<li>Kechikishga sezgir tasdiqlash bosqichlari<\/li>\n<li>Tashqi bog&#039;liqliklar (OCSP javob beruvchilari, CRL tarqatish nuqtalari)<\/li>\n<\/ul>\n<p>Natija: EVSE sessiyani boshlashi mumkin, ammo yakunlay olmaydi <strong>bekor qilishni tasdiqlash<\/strong> ishonchli tarzda.<\/p>\n<h3>CRL va OCSP: amaliy murosaga kelish<\/h3>\n<ul>\n<li><strong>CRL:<\/strong> og&#039;irroq yuklab olishlar, lekin keshlash va jadvalga muvofiq yangilash mumkin (chekkalarning uzluksizligi uchun yaxshi).<\/li>\n<li><strong>OCSP:<\/strong> har bir so&#039;rov bo&#039;yicha yengil, lekin ko&#039;pincha eng zaif chekkada jonli efirga uzatilishini talab qiladi.<\/li>\n<\/ul>\n<p>2026-yilda to&#039;g&#039;ri holat qatlamlarga bo&#039;linadi:<\/p>\n<ul>\n<li>Chidamlilik uchun rejalashtirilgan CRL keshlash<\/li>\n<li>Ulanish ishonchli bo&#039;lgan OCSP<\/li>\n<li>Yomonlashgan sharoitlar uchun aniq siyosat<\/li>\n<\/ul>\n<h3>Nima uchun &quot;yumshoq muvaffaqiyatsizlik&quot;ni himoya qilish qiyinlashib bormoqda<\/h3>\n<p>Tarixan, &quot;soft-fail&quot; (agar bekor qilish vaqtini tekshirsa, sessiyaga ruxsat berish) mavjudligini saqlab qoldi.<br \/>\n2026-yilda yumshoq muvaffaqiyatsizlikni oqlash qiyinlashadi, chunki:<\/p>\n<ul>\n<li>Hayot muddati qisqaroq (eskirgan taxminlarga nisbatan kamroq bag&#039;rikenglik)<\/li>\n<li>CRA hisobot berish soati hodisalar intizomini va dalillarni izlashni kuchaytiradi<\/li>\n<\/ul>\n<p>Himoyalanadigan dizayn aniq, hujjatlashtirilgan siyosatni talab qiladi:<\/p>\n<ul>\n<li><strong>Qiyin muvaffaqiyatsizlik<\/strong> jamoat\/yuqori xavfli muhitlar uchun<\/li>\n<li><strong>Dalillarga boy inoyat<\/strong> yopiq avtoparklar uchun (cheklangan oyna + kompensatsiya boshqaruvi)<\/li>\n<li><strong>Dalillarni qayd etish<\/strong> har bir buzilgan qaror uchun<\/li>\n<\/ul>\n<h3>Arxitekturaviy yumshatishlar (naqshlar, mahsulot va&#039;dalari emas)<\/h3>\n<p><strong>1-naqsh: Chegaralarni oldindan tekshirish + keshlash<\/strong><\/p>\n<ul>\n<li>Belgilangan yangilik oynalari bilan kesh CRLlari<\/li>\n<li>Kesh oraliq mahsulotlari va tasdiqlangan zanjirlar<\/li>\n<li>&quot;Yaxshi ulanish&quot; davrlarida oldindan yuklab olish<\/li>\n<\/ul>\n<p><strong>2-naqsh: OCSP z\u0131mbalama (iloji bo&#039;lsa)<\/strong><\/p>\n<p>OCSP z\u0131mbalama bekor qilish isbotini yetkazib berishni eng zaif tomondan uzoqlashtiradi - sessiyani o&#039;rnatish paytida CA infratuzilmasiga jonli bog&#039;liqlikni kamaytiradi.<\/p>\n<p><strong>Amalga oshirish to&#039;g&#039;risidagi eslatma (o&#039;rnatilgan reallik):<\/strong> EVSE muhitida z\u0131mbalama bilan bog&#039;liq kengaytma qo&#039;llab-quvvatlashini tasdiqlang<br \/>\no&#039;rnatilgan TLS stack va tuzilish konfiguratsiyasida (masalan, mbedTLS, wolfSSL) va eski apparatdagi xatti-harakatlarni tekshirish,<br \/>\nchunki funksiyalarning to&#039;liqligi va xotira\/RTOS cheklovlari har xil.<\/p>\n<p><strong>3-naqsh: Ko&#039;p ildizli ishonch boshqaruvi<\/strong><\/p>\n<ul>\n<li>Bir nechta OEM langarlari uchun yagona ishonch do&#039;konini yangilash kanali<\/li>\n<li>Kanareyka yangilanishlari + yo&#039;l yaratishda xatolar ko&#039;payganda orqaga qaytish<\/li>\n<\/ul>\n<p><strong>4-naqsh: Vaqtni sinxronlashtirishni boshqarish (muzokara qilinmaydi)<\/strong><\/p>\n<ul>\n<li>NTP siyosati (yoki kerak bo&#039;lganda PTP)<\/li>\n<li>Drift monitoringi va ogohlantirish chegaralari<\/li>\n<li>Soatlar ishonchsiz bo&#039;lganda aniqlangan xatti-harakatlar<\/li>\n<\/ul>\n<h2>Oflayn uzluksizlik: chekkadan bulutgacha bo&#039;lgan uzilishlar paytida Plug &amp; Charge\u2019dan foydalanishga yaroqli holda saqlash<\/h2>\n<h3>Oflayn uzluksizlik nima (va emas)<\/h3>\n<p>Oflayn uzluksizlik &quot;PKI ni chetlab o&#039;tish&quot; emas. Bu quyidagilarni saqlaydigan boshqariladigan degradatsiya:<\/p>\n<ul>\n<li>Kalitlar va ishonchli do&#039;konlarning yaxlitligi<\/li>\n<li>Hisob-kitob va hodisalarga javob berish uchun auditorlik imkoniyati<\/li>\n<li>Mahalliy miqyosda nimalarni tasdiqlash mumkinligi (va qancha vaqt davomida) bo&#039;yicha aniq cheklovlar<\/li>\n<\/ul>\n<h3>Mavjudlik primitivlari sifatida mahalliy kontrollerlar\/chekka proksi-serverlar<\/h3>\n<ul>\n<li>Mahalliy ishonch keshlarini (langar\/oraliq\/CRL) saqlash<\/li>\n<li>Cheklangan mahalliy avtorizatsiya siyosatini amalga oshirish<\/li>\n<li>Keyinchalik yarashtirish uchun bufer o&#039;lchovlari\/jurnallari<\/li>\n<li>EVSE uchun mahalliy so&#039;nggi nuqta sifatida harakat qilib, WAN portlash radiusini kamaytiring<\/li>\n<\/ul>\n<blockquote style=\"margin: 16px 0; padding: 12px 16px; border-left: 4px solid #ccc;\"><p><strong>2-rasm (Tavsiya etilgan vizual): Zaif tarmoq saytlarida ishonch keshi sifatida chekka proksi-server<\/strong><\/p>\n<p>(EVSE\u2019larning saytdagi Edge Proxy\/Local Controller\u2019ga ulanayotganini ko\u2018rsating. Proksi keshlangan ishonch langarlari\/oraliq vositalarini saqlaydi,<br \/>\nrejalashtirilgan CRL yangilanishi, vaqtni sinxronlashtirish monitoringi va dalillar jurnallari; u ulanish beqaror bo&#039;lganda voqealarni bulutdagi CSMS\/PKI ga buferlaydi.)<\/p>\n<p><strong>Asosiy xabar:<\/strong> Chegara proksi-serverlari tashqi OCSP\/CRL so&#039;nggi nuqtalariga jonli bog&#039;liqlikni kamaytiradi va PKI-ni chetlab o&#039;tmasdan boshqariladigan oflayn uzluksizlikni ta&#039;minlaydi.<\/p><\/blockquote>\n<h2>CRA va VMP: 2026-yil sentyabridan boshlab audit qilinadigan operatsion modelga hisobot berish muddatlari<\/h2>\n<h3>CRA hisobot berish qoidalari: 24\/72 soatlik rejimga moslashtirilgan<\/h3>\n<p>CRA hisobot berish qoidalari ishlab chiqaruvchilardan faol foydalanilgan zaifliklar va ta&#039;sir ko&#039;rsatadigan jiddiy hodisalar haqida xabar berishni talab qiladi<br \/>\nraqamli elementlarga ega mahsulotlar xavfsizligi bo&#039;yicha:<\/p>\n<ul>\n<li><strong>24 soat ichida erta ogohlantirish<\/strong> xabardor bo&#039;lish<\/li>\n<li><strong>72 soat ichida to&#039;liq xabarnoma<\/strong><\/li>\n<li><strong>Yakuniy hisobot<\/strong> belgilangan oynalar ichida (hodisa sinfiga qarab)<\/li>\n<\/ul>\n<p>Ommaviy bekor qilish yoki ishonch-langar kelishmovchiligi natijasida yuzaga kelgan keng ko&#039;lamli Plug &amp; Charge uzilishi <strong>malakaga ega bo&#039;lishi mumkin<\/strong><br \/>\nta&#039;sir va ekspluatatsiya dalillariga qarab jiddiy hodisa sifatida.<\/p>\n<h3>Zaifliklarni boshqarish jarayoni (VMP): minimal hayotiy imkoniyatlar<\/h3>\n<ol>\n<li><strong>Filo haqiqati:<\/strong> aktiv + versiya inventarizatsiyasi (EVSE dasturiy ta&#039;minoti, kontroller tasvirlari, ishonchli do&#039;kon versiyalari).<\/li>\n<li><strong>SBOM integratsiyasi (dinamik):<\/strong> SBOM joylashtirilishi mumkin bo&#039;lgan artefaktlarga xaritalangan; zaiflik razvedkasi bilan uzluksiz korrelyatsiya.<\/li>\n<li><strong>VEX asosidagi ta&#039;sirni boshqarish:<\/strong> &quot;Mavjud, ammo ekspluatatsiya qilinmaydigan&quot; va &quot;bizning joylashtirishimizda ekspluatatsiya qilinadigan&quot; ni farqlash uchun VEX bayonotlarini saqlab qoling, bu esa T+24 soat oralig&#039;ida ishonchli qamrovni aniqlash imkonini beradi.<\/li>\n<li><strong>Nima uchun VEX 24 soatlik rejimda muhim:<\/strong> SBOM sizga nima borligini aytadi; VEX sizga nima borligini aniqlashga yordam beradi <strong>ekspluatatsiya qilinadigan<\/strong>, soxta signallarni kamaytirish va operatsion guruhlarning ekspluatatsiya qilinmaydigan shovqinni ta&#039;qib qilishining oldini olish.<\/li>\n<li><strong>Qabul qilish va saralash:<\/strong> yetkazib beruvchilarga tavsiyalar, CVElar, ichki topilmalar; ekspluatatsiya qilish imkoniyati + ta&#039;sirga ustuvor ahamiyat bering.<\/li>\n<li><strong>T+24 soatlik ish jarayoni:<\/strong> Ta&#039;sirlangan populyatsiyalarni aniqlash uchun SBOM + VEX + inventarizatsiya korrelyatsiyasi; dastlabki saqlash qarorlari; dalillarni to&#039;plash.<\/li>\n<li><strong>T+72h bildirishnoma ish jarayoni:<\/strong> tasdiqlangan ko&#039;lam, yumshatish choralari, joriy etish\/qaytarish rejasi, aloqa yozuvi.<\/li>\n<li><strong>Yakuniy hisobot ish jarayoni:<\/strong> Validatsiya dalillari + asosiy sabab + tuzatish choralari mavjud bo&#039;lgandan keyin oldini olishni yaxshilash.<\/li>\n<li><strong>Patch kadans muhandisligi:<\/strong> bosqichma-bosqich joriy etish, qaytarish rejalari, imzolangan artefaktlar, tasdiqlash eshiklari.<\/li>\n<li><strong>Ishonch zanjirini amalga oshirish:<\/strong> xavfsiz yuklash + xavfsiz dasturiy ta&#039;minot yangilanishlari; imzo kalitlari HSM\/xavfsiz elementlarda himoyalangan.<\/li>\n<li><strong>Dalillarga asoslangan holda qayd qilish:<\/strong> sertifikat hodisalari, ishonchli do&#039;kon o&#039;zgarishlari, bekor qilishdagi xatolar, vaqtni sinxronlashtirish holati.<\/li>\n<\/ol>\n<p><strong>Yuqori darajadagi ishonch stsenariysi:<\/strong> Agar bekor qilish buzilgan ildiz yoki chiqaruvchi kalit tomonidan ishga tushirilsa,<br \/>\nbuni zudlik bilan cheklashni talab qiladigan o&#039;ta jiddiy ishonch hodisasi sifatida ko&#039;rib chiqing, butun avtopark bo&#039;ylab ishonch do&#039;koni choralarini ko&#039;ring,<br \/>\nva ta&#039;sir va ekspluatatsiya dalillariga qarab CRA bilan moslashtirilgan hisobot berishga tayyorlik.<\/p>\n<h3>CRA hodisalarga javob berishni sanash ro&#039;yxati (operatsion shablon)<\/h3>\n<h4>T+0 (Aniqlash \/ Xabardorlik)<\/h4>\n<ul>\n<li>Dalillarni muzlatish: jurnallar, sertifikat hodisalari, ishonchli do&#039;kon versiyalari, vaqtni sinxronlashtirish holati<\/li>\n<li>Ta&#039;sirlangan sirtlarni aniqlang: EVSE dasturiy ta&#039;minoti, mahalliy kontrollerlar, orqa TLS so&#039;nggi nuqtalari<\/li>\n<li>PKI provayderi\/orqa tomon xavfsizlik bo&#039;yicha aloqador shaxsni jalb qiling<\/li>\n<\/ul>\n<h4>T+24 soat (Erta ogohlantirishga tayyorlik)<\/h4>\n<ul>\n<li><strong>Asosiy maqsad:<\/strong> Foydalanish <strong>SBOM + VEX + flot inventarizatsiyasi<\/strong> ta&#039;sirlangan aholini aniqlash va dalillarga asoslangan erta ogohlantirishni taqdim etish<\/li>\n<li>Cheklovni hal qilish: bekor qilish\/aylantirish, ishonch do&#039;konini qaytarish, saytni izolyatsiya qilish<\/li>\n<li>Erta ogohlantirish paketi loyihasi: ko&#039;lami, yumshatish ishlari olib borilmoqda, vaqtinchalik holat<\/li>\n<\/ul>\n<h4>T+72h (To&#039;liq xabarnoma tayyorligi)<\/h4>\n<ul>\n<li>Ta&#039;sirlangan aholini mintaqa\/joy bo&#039;yicha tasdiqlang; tuzatish rejasi + joriy etish usulini taqdim eting<\/li>\n<li>Mijoz\/operator aloqalari va eskalatsiya yozuvlarini yarating<\/li>\n<\/ul>\n<h4>Yakuniy hisobot oynasi<\/h4>\n<ul>\n<li>Yakuniy hisobotni CRA talablariga muvofiq taqdim eting (vaqt hodisa sinfiga bog&#039;liq)<\/li>\n<li>Tuzatishdan keyingi tasdiqlash dalillari + olingan saboqlar<\/li>\n<\/ul>\n<h2>Xarajat va xavfni aniqlash (avtoparkingizga ulashingiz mumkin bo&#039;lgan shablonlar)<\/h2>\n<h3>Qo&#039;lda yangilash mehnat xarajatlari modeli<\/h3>\n<p>Ruxsat bering:<\/p>\n<ul>\n<li><code>N<\/code> = TLS so&#039;nggi nuqtalari soni (EVSE + kontrollerlar + shlyuzlar + boshqariladigan orqa tugunlar)<\/li>\n<li><code>L<\/code> = sertifikat muddati (kunlar)<\/li>\n<li><code>t<\/code> = har bir yangilanish uchun inson vaqti (soat)<\/li>\n<li><code>c<\/code> = to&#039;liq yuklangan ishchi kuchi narxi (AQSh dollari\/soat)<\/li>\n<\/ul>\n<pre style=\"background: #f6f8fa; padding: 12px; overflow: auto;\"><code>Mehnat xarajatlari \u2248 N \u00d7 (365 \/ L) \u00d7 t \u00d7 c<\/code><\/pre>\n<h3>Uzilish xavfi modeli (muddati tugashi yoki joylashtirish muvaffaqiyatsizligi)<\/h3>\n<p>Ruxsat bering:<\/p>\n<ul>\n<li><code>P_miss<\/code> = har bir siklda yangilanishning o&#039;tkazib yuborilgan\/muvaffaqiyatsiz bo&#039;lish ehtimoli<\/li>\n<li><code>H_down<\/code> = har bir hodisa uchun kutilgan ishlamay qolish vaqti<\/li>\n<li><code>C_soat<\/code> = soatlik biznesga ta&#039;sir (yo&#039;qotilgan daromad, jarimalar, SLA kreditlari)<\/li>\n<\/ul>\n<pre style=\"background: #f6f8fa; padding: 12px; overflow: auto;\"><code>Xarajat_uzilishi \u2248 P_miss \u00d7 H_down \u00d7 C_hour<\/code><\/pre>\n<h2>Qaror qo&#039;llanmasi: Onlayn bekor qilish tekshiruvlari muvaffaqiyatsiz bo&#039;lganda (OCSP\/CRL vaqti tugashi)<\/h2>\n<ol>\n<li><strong>Jamoat joyimi yoki yopiq flot\/depomi?<\/strong>\n<ul>\n<li>Ommaviy \u2192 afzal ko&#039;rish <strong>Qiyin muvaffaqiyatsizlik<\/strong> (yoki faqat dalillar + kompensatsiya nazorati bilan qat&#039;iy nazorat ostidagi inoyat)<\/li>\n<li>Filo\/depo \u2192 <strong>Dalillarga boy inoyat<\/strong> cheklangan derazalar uchun maqbul bo&#039;lishi mumkin<\/li>\n<\/ul>\n<\/li>\n<li><strong>Tarmoq ishonchliligini oldindan aytib bo&#039;ladimi?<\/strong>\n<ul>\n<li>Ha \u2192 Onlayn OCSP\/CRL + monitoringi<\/li>\n<li>Yo&#039;q \u2192 <strong>Chegaralarni oldindan tekshirish + keshlash<\/strong> (CRL yangilash oynalari, keshlangan zanjirlar)<\/li>\n<\/ul>\n<\/li>\n<li><strong>Sessiya vaqtida onlayn qaramlikni kamaytira olasizmi?<\/strong>\n<ul>\n<li>Imkon bo&#039;lganda \u2192 asrab olish <strong>OCSP z\u0131mbalama naqshi<\/strong> (isbotni chetga yaqinroq bosing)<\/li>\n<\/ul>\n<\/li>\n<li><strong>Sizda dalillarni ro&#039;yxatga olish + vaqtni sinxronlashtirish boshqaruvi bormi?<\/strong>\n<ul>\n<li>Agar yo&#039;q bo&#039;lsa \u2192 avval bularni tuzating; buzilgan rejimdagi siyosatlarni ularsiz himoya qilish qiyin<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<h2>Amaliy javobgarlik matritsasi (Uzilishlarning oldini oluvchi chegaralar)<\/h2>\n<table style=\"border-collapse: collapse; width: 100%;\" border=\"1\" cellspacing=\"0\" cellpadding=\"8\">\n<thead>\n<tr>\n<th>Rol<\/th>\n<th>Chiqarish<\/th>\n<th>Tasdiqlash<\/th>\n<th>Hisobot berish<\/th>\n<th>Kadensni yangilash<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>CPOlar<\/strong><\/td>\n<td>TLS\/identifikatsiya strategiyasi; avtomatlashtirilgan yangilanishni amalga oshirish; oxirgi nuqta inventarizatsiyasini saqlash; CA uzilish xatti-harakatlari rejasi (DigiCert uchun 24-fevraldan boshlab 199 kunlik emissiya)<\/td>\n<td>Qattiq\/yumshoq xato siyosatini aniqlang; bekor qilish artefaktining yangiligi; <strong>Vaqtni sinxronlashtirishni boshqarish<\/strong> (NTP\/PTP, drift monitoringi, ogohlantirishlar)<\/td>\n<td>Hodisalar bo&#039;yicha o&#039;yin daftarlarini boshqarish; CRA bilan moslashtirilgan hisobot berishga tayyorlikni boshqarish (24 soat\/72 soat\/yakuniy)<\/td>\n<td>Doimiy tugash muddatini kuzatish; ishonch do&#039;konini yangilash; favqulodda ishonch langari o&#039;zgarishlari; vaqt sinxronizatsiyasi auditlari<\/td>\n<\/tr>\n<tr>\n<td><strong>EVSE OEM&#039;lari<\/strong><\/td>\n<td>Uskuna tomonidan qo&#039;llab-quvvatlanadigan kalitlarni saqlash; qurilma identifikatsiyasining holati; avtomatlashtirish ilgaklari; xavfsiz yuklash\/yangilash primitivlari<\/td>\n<td>TLS holati; zanjirni yaratish; bekor qilish xatti-harakati; ishonch do&#039;konini boshqarish; xavfsiz yuklash + xavfsiz dasturiy ta&#039;minotni yangilash zanjiri<\/td>\n<td>Mahsulot zaifliklarini boshqarish; maslahatlar; tuzatish paketlari; operatorlarning texnik faktlar bilan hisobot berishini qo&#039;llab-quvvatlash<\/td>\n<td>Muntazam nashrlar + favqulodda yamalar; belgilangan qo&#039;llab-quvvatlash oynalari; kalitlarni almashtirish bo&#039;yicha qo&#039;llanmalar<\/td>\n<\/tr>\n<tr>\n<td><strong>Orqa tomon \/ V2G PKI provayderlari<\/strong><\/td>\n<td>Shartnoma ekotizimini chiqarish (agar mavjud bo&#039;lsa); CA\/RA operatsiyalari; chiqarish siyosati<\/td>\n<td>Orqa tomonni tasdiqlash; OCSP\/CRL mavjudligi; ishonchli langar boshqaruvi<\/td>\n<td>Hodisa\/zaiflik faktlarini taqdim eting; CRA vaqt jadvalidagi dalillar paketlarini qo&#039;llab-quvvatlang<\/td>\n<td>Siyosat\/ishonchni mustahkamlash bo&#039;yicha tez-tez yangilanishlar; OCSP\/CRL barqarorligi muhandisligi; doimiy monitoring<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>Lug&#039;at<\/h2>\n<ul>\n<li><strong>PKI:<\/strong> Ochiq kalit infratuzilmasi (berish, tasdiqlash, ishonch langarlari, bekor qilish)<\/li>\n<li><strong>ACME:<\/strong> Avtomatlashtirilgan sertifikatlarni boshqarish muhiti (avtomatlashtirilgan berish\/uzaytirish)<\/li>\n<li><strong>OCSP \/ CRL:<\/strong> Onlayn sertifikat holati protokoli \/ sertifikatni bekor qilish ro&#039;yxati<\/li>\n<li><strong>OCSP z\u0131mbalama:<\/strong> Server jonli OCSPga bog&#039;liqlikni kamaytirish uchun bekor qilish isbotini taqdim etadi<\/li>\n<li><strong>Ishonch langarlari:<\/strong> Validatorlaringiz ishonadigan asosiy\/oraliq sertifikatlar<\/li>\n<li><strong>SBOM:<\/strong> Dasturiy ta&#039;minot materiallari ro&#039;yxati (zaifliklarni baholash uchun komponentlar inventarizatsiyasi)<\/li>\n<li><strong>VEX:<\/strong> Zaiflikdan foydalanish imkoniyati eXchange (ekspluatatsiya holati bayonotlari)<\/li>\n<li><strong>TLS 1.3:<\/strong> Zamonaviy TLS profili; qo&#039;l berib ko&#039;rishish + sertifikatni tasdiqlash kechikishga sezgir bo&#039;lib qolmoqda<\/li>\n<li><strong>VMP:<\/strong> Zaifliklarni boshqarish jarayoni (qabul qilish, saralash, tuzatish, hisobot berish, dalillar)<\/li>\n<\/ul>\n<h2>Kelajakka yo&#039;naltirilgan xavf: Kripto chaqqonligi va PQCga tayyorlik<\/h2>\n<p>2026-yil qisqa TLS muddatlari va CRA hisobotlari bilan hukmronlik qilsa-da, zaryadlash infratuzilmalari baholay boshlashi kerak<br \/>\n<strong>kripto-chaqqonlik<\/strong>Uzoq muddatli aktivlar (transport vositalari va zaryadlovchi qurilmalar) bilan arxitekturalar apparat bloklanishining oldini olishi kerak, buning uchun<br \/>\nHSM\/xavfsiz elementlar va o&#039;rnatilgan steklar kelajakdagi algoritm va sertifikat profili yangilanishlarini apparat yangilanishini talab qilmasdan qo&#039;llab-quvvatlashi mumkin.<\/p>\n<h2>TSS<\/h2>\n<h3>Plug &amp; Charge oflayn rejimda ishlay oladimi?<\/h3>\n<p>Qisman \u2014 loyiha bo&#039;yicha. Oflayn P&amp;C mahalliy ishonch keshlash (iloji bo&#039;lsa, langar\/oraliq vositalar\/CRL) yordamida degradatsiyani boshqaradi,<br \/>\naniq imtiyozli siyosatlar va yarashtirish uchun buferlangan audit jurnallari. U PKI ni chetlab o&#039;tmasligi kerak; u jonli bulutga bog&#039;liqlikni kamaytirishi kerak.<br \/>\nyaxlitlik va audit qilish mumkinligini saqlab qolish bilan birga.<\/p>\n<h3>199\/200 kunlik muddat ichida sertifikatlarni qanchalik tez-tez yangilashimiz kerak?<\/h3>\n<p>Har bir oxirgi nuqta uchun yiliga bir nechta yangilanish sikllarini rejalashtiring. Ko&#039;pgina operatorlar uchun operatsion qisqartirish boshlanadi<br \/>\n<strong>2026-yil 24-fevral<\/strong> chunki DigiCert maksimal darajada ommaviy TLS sertifikatlarini beradi <strong>199 kunlik<\/strong> shu sanadan boshlab amal qilish muddati.<br \/>\nKengroq ekotizim darajasida, Asosiy talablar bosqichma-bosqich qisqartirishni belgilaydi <strong>200\/100\/47 kun<\/strong>.<\/p>\n<h3>CRA hisobot berish majburiyatlarini nima keltirib chiqaradi?<\/h3>\n<p>CRA hisobot berish qoidalari talab qiladi <strong>24 soatlik erta ogohlantirish<\/strong> va <strong>72 soatlik bildirishnoma<\/strong> faol ravishda foydalanilgan zaifliklar va jiddiy hodisalar uchun,<br \/>\nyakuniy hisobot berish oynalari bilan birga. Keng ko&#039;lamli P&amp;C ishonchining buzilishi (masalan, zararli bekor qilish yoki tasdiqlash buzilishi) quyidagilarga bog&#039;liq bo&#039;lishi mumkin<br \/>\nta&#039;sir va ekspluatatsiya dalillari bo&#039;yicha; CRAga tayyor VMP qo&#039;llab-quvvatlashi kerak <strong>SBOM + VEX + flot inventarizatsiyasi<\/strong> dastlabki 24 soat ichida tekshiruv o&#039;tkazish.<\/p>\n<\/article>","protected":false},"excerpt":{"rendered":"<p>TL;DR (Executive Action Summary) TLS cutover is a hard boundary (not a suggestion): From February 24, 2026, DigiCert will stop accepting public TLS certificate requests with validity greater than 199 days, and certificates issued from that date have a 199-day maximum validity. This is the practical cutover for many operators\u2014renewal velocity increases immediately. The 200\u2192100\u219247-day [&hellip;]<\/p>","protected":false},"author":3,"featured_media":37917,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[143,142,158,146,151,152,159,157,99,153,141,147,149,150,145,98,154,144,148,155,156],"class_list":["post-38532","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","tag-acme","tag-certificate-lifecycle","tag-cra-compliance","tag-crl","tag-cross-signing","tag-edge-proxy","tag-ev-charging-infrastructure-2026","tag-evse-security","tag-iso-15118","tag-local-controller","tag-ocsp","tag-ocsp-stapling","tag-offline-charging","tag-path-validation","tag-pki","tag-plug-charge","tag-sbom","tag-tls-1-3","tag-trust-anchors","tag-vex","tag-vulnerability-management"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>ISO 15118 Certificate Lifecycle Management in 2026 (TLS 199\/200-Day + CRA 24h\/72h)<\/title>\n<meta name=\"description\" content=\"Manage ISO 15118 certificates in 2026: 199\/200-day TLS renewals, ACME automation, revocation failures (OCSP\/CRL), offline Plug &amp; Charge, and CRA 24h\/72h reporting readiness.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.evb.com\/uz\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/\" \/>\n<meta property=\"og:locale\" content=\"uz_UZ\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"ISO 15118 Certificate Lifecycle Management in 2026 (TLS 199\/200-Day + CRA 24h\/72h)\" \/>\n<meta property=\"og:description\" content=\"Manage ISO 15118 certificates in 2026: 199\/200-day TLS renewals, ACME automation, revocation failures (OCSP\/CRL), offline Plug &amp; Charge, and CRA 24h\/72h reporting readiness.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.evb.com\/uz\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/\" \/>\n<meta property=\"og:site_name\" content=\"EVB\" \/>\n<meta property=\"article:published_time\" content=\"2026-01-12T07:13:14+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-01-16T12:39:19+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.evb.com\/wp-content\/uploads\/2025\/12\/EVB-4-Guns-480kw-dc-ev-charger-with-energy-storage-battery.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"721\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"evb\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"evb\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"11 daqiqa\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":[\"Article\",\"BlogPosting\"],\"@id\":\"https:\\\/\\\/www.evb.com\\\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.evb.com\\\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\\\/\"},\"author\":{\"name\":\"evb\",\"@id\":\"https:\\\/\\\/www.evb.com\\\/#\\\/schema\\\/person\\\/fe8f0137976034abdfd2ae4f8c5682d0\"},\"headline\":\"ISO 15118 Certificate Lifecycle Management in 2026: From TLS Urgency to CRA Compliance\",\"datePublished\":\"2026-01-12T07:13:14+00:00\",\"dateModified\":\"2026-01-16T12:39:19+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.evb.com\\\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\\\/\"},\"wordCount\":2523,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.evb.com\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.evb.com\\\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.evb.com\\\/wp-content\\\/uploads\\\/2025\\\/12\\\/EVB-4-Guns-480kw-dc-ev-charger-with-energy-storage-battery.webp\",\"keywords\":[\"ACME\",\"Certificate Lifecycle\",\"CRA Compliance\",\"CRL\",\"Cross-signing\",\"Edge Proxy\",\"EV Charging Infrastructure 2026\",\"EVSE Security\",\"ISO 15118\",\"Local Controller\",\"OCSP\",\"OCSP Stapling\",\"Offline Charging\",\"Path Validation\",\"PKI\",\"Plug &amp; Charge\",\"SBOM\",\"TLS 1.3\",\"Trust Anchors\",\"VEX\",\"Vulnerability Management\"],\"articleSection\":[\"Blog\"],\"inLanguage\":\"uz-UZ\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.evb.com\\\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.evb.com\\\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\\\/\",\"url\":\"https:\\\/\\\/www.evb.com\\\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\\\/\",\"name\":\"ISO 15118 Certificate Lifecycle Management in 2026 (TLS 199\\\/200-Day + CRA 24h\\\/72h)\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.evb.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.evb.com\\\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.evb.com\\\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.evb.com\\\/wp-content\\\/uploads\\\/2025\\\/12\\\/EVB-4-Guns-480kw-dc-ev-charger-with-energy-storage-battery.webp\",\"datePublished\":\"2026-01-12T07:13:14+00:00\",\"dateModified\":\"2026-01-16T12:39:19+00:00\",\"description\":\"Manage ISO 15118 certificates in 2026: 199\\\/200-day TLS renewals, ACME automation, revocation failures (OCSP\\\/CRL), offline Plug & Charge, and CRA 24h\\\/72h reporting readiness.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.evb.com\\\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\\\/#breadcrumb\"},\"inLanguage\":\"uz-UZ\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.evb.com\\\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"uz-UZ\",\"@id\":\"https:\\\/\\\/www.evb.com\\\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.evb.com\\\/wp-content\\\/uploads\\\/2025\\\/12\\\/EVB-4-Guns-480kw-dc-ev-charger-with-energy-storage-battery.webp\",\"contentUrl\":\"https:\\\/\\\/www.evb.com\\\/wp-content\\\/uploads\\\/2025\\\/12\\\/EVB-4-Guns-480kw-dc-ev-charger-with-energy-storage-battery.webp\",\"width\":1280,\"height\":721,\"caption\":\"EVB 4 Guns 480kw dc ev charger with energy storage battery\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.evb.com\\\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.evb.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"ISO 15118 Certificate Lifecycle Management in 2026: From TLS Urgency to CRA Compliance\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.evb.com\\\/#website\",\"url\":\"https:\\\/\\\/www.evb.com\\\/\",\"name\":\"EVB\",\"description\":\"Smart EV Charging &amp; Energy Storage Solutions\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.evb.com\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.evb.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"uz-UZ\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.evb.com\\\/#organization\",\"name\":\"EVB\",\"url\":\"https:\\\/\\\/www.evb.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"uz-UZ\",\"@id\":\"https:\\\/\\\/www.evb.com\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.evb.com\\\/wp-content\\\/uploads\\\/2021\\\/03\\\/evb-3.png\",\"contentUrl\":\"https:\\\/\\\/www.evb.com\\\/wp-content\\\/uploads\\\/2021\\\/03\\\/evb-3.png\",\"width\":605,\"height\":626,\"caption\":\"EVB\"},\"image\":{\"@id\":\"https:\\\/\\\/www.evb.com\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.evb.com\\\/#\\\/schema\\\/person\\\/fe8f0137976034abdfd2ae4f8c5682d0\",\"name\":\"evb\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"uz-UZ\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/6919cc4e91e3745783933e1263b15b0bed21b5e46f2b1e21643aa8b29240d0f7?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/6919cc4e91e3745783933e1263b15b0bed21b5e46f2b1e21643aa8b29240d0f7?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/6919cc4e91e3745783933e1263b15b0bed21b5e46f2b1e21643aa8b29240d0f7?s=96&d=mm&r=g\",\"caption\":\"evb\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"ISO 15118 Certificate Lifecycle Management in 2026 (TLS 199\/200-Day + CRA 24h\/72h)","description":"Manage ISO 15118 certificates in 2026: 199\/200-day TLS renewals, ACME automation, revocation failures (OCSP\/CRL), offline Plug & Charge, and CRA 24h\/72h reporting readiness.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.evb.com\/uz\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/","og_locale":"uz_UZ","og_type":"article","og_title":"ISO 15118 Certificate Lifecycle Management in 2026 (TLS 199\/200-Day + CRA 24h\/72h)","og_description":"Manage ISO 15118 certificates in 2026: 199\/200-day TLS renewals, ACME automation, revocation failures (OCSP\/CRL), offline Plug & Charge, and CRA 24h\/72h reporting readiness.","og_url":"https:\/\/www.evb.com\/uz\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/","og_site_name":"EVB","article_published_time":"2026-01-12T07:13:14+00:00","article_modified_time":"2026-01-16T12:39:19+00:00","og_image":[{"width":1280,"height":721,"url":"https:\/\/www.evb.com\/wp-content\/uploads\/2025\/12\/EVB-4-Guns-480kw-dc-ev-charger-with-energy-storage-battery.webp","type":"image\/webp"}],"author":"evb","twitter_card":"summary_large_image","twitter_misc":{"Written by":"evb","Est. reading time":"11 daqiqa"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":["Article","BlogPosting"],"@id":"https:\/\/www.evb.com\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/#article","isPartOf":{"@id":"https:\/\/www.evb.com\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/"},"author":{"name":"evb","@id":"https:\/\/www.evb.com\/#\/schema\/person\/fe8f0137976034abdfd2ae4f8c5682d0"},"headline":"ISO 15118 Certificate Lifecycle Management in 2026: From TLS Urgency to CRA Compliance","datePublished":"2026-01-12T07:13:14+00:00","dateModified":"2026-01-16T12:39:19+00:00","mainEntityOfPage":{"@id":"https:\/\/www.evb.com\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/"},"wordCount":2523,"commentCount":0,"publisher":{"@id":"https:\/\/www.evb.com\/#organization"},"image":{"@id":"https:\/\/www.evb.com\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/#primaryimage"},"thumbnailUrl":"https:\/\/www.evb.com\/wp-content\/uploads\/2025\/12\/EVB-4-Guns-480kw-dc-ev-charger-with-energy-storage-battery.webp","keywords":["ACME","Certificate Lifecycle","CRA Compliance","CRL","Cross-signing","Edge Proxy","EV Charging Infrastructure 2026","EVSE Security","ISO 15118","Local Controller","OCSP","OCSP Stapling","Offline Charging","Path Validation","PKI","Plug &amp; Charge","SBOM","TLS 1.3","Trust Anchors","VEX","Vulnerability Management"],"articleSection":["Blog"],"inLanguage":"uz-UZ","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.evb.com\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.evb.com\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/","url":"https:\/\/www.evb.com\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/","name":"ISO 15118 Certificate Lifecycle Management in 2026 (TLS 199\/200-Day + CRA 24h\/72h)","isPartOf":{"@id":"https:\/\/www.evb.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.evb.com\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/#primaryimage"},"image":{"@id":"https:\/\/www.evb.com\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/#primaryimage"},"thumbnailUrl":"https:\/\/www.evb.com\/wp-content\/uploads\/2025\/12\/EVB-4-Guns-480kw-dc-ev-charger-with-energy-storage-battery.webp","datePublished":"2026-01-12T07:13:14+00:00","dateModified":"2026-01-16T12:39:19+00:00","description":"Manage ISO 15118 certificates in 2026: 199\/200-day TLS renewals, ACME automation, revocation failures (OCSP\/CRL), offline Plug & Charge, and CRA 24h\/72h reporting readiness.","breadcrumb":{"@id":"https:\/\/www.evb.com\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/#breadcrumb"},"inLanguage":"uz-UZ","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.evb.com\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/"]}]},{"@type":"ImageObject","inLanguage":"uz-UZ","@id":"https:\/\/www.evb.com\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/#primaryimage","url":"https:\/\/www.evb.com\/wp-content\/uploads\/2025\/12\/EVB-4-Guns-480kw-dc-ev-charger-with-energy-storage-battery.webp","contentUrl":"https:\/\/www.evb.com\/wp-content\/uploads\/2025\/12\/EVB-4-Guns-480kw-dc-ev-charger-with-energy-storage-battery.webp","width":1280,"height":721,"caption":"EVB 4 Guns 480kw dc ev charger with energy storage battery"},{"@type":"BreadcrumbList","@id":"https:\/\/www.evb.com\/iso-15118-certificate-lifecycle-management-in-2026-from-tls-urgency-to-cra-compliance\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.evb.com\/"},{"@type":"ListItem","position":2,"name":"ISO 15118 Certificate Lifecycle Management in 2026: From TLS Urgency to CRA Compliance"}]},{"@type":"WebSite","@id":"https:\/\/www.evb.com\/#website","url":"https:\/\/www.evb.com\/","name":"EVB","description":"Smart EV Charging &amp; Energy Storage Solutions","publisher":{"@id":"https:\/\/www.evb.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.evb.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"uz-UZ"},{"@type":"Organization","@id":"https:\/\/www.evb.com\/#organization","name":"EVB","url":"https:\/\/www.evb.com\/","logo":{"@type":"ImageObject","inLanguage":"uz-UZ","@id":"https:\/\/www.evb.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.evb.com\/wp-content\/uploads\/2021\/03\/evb-3.png","contentUrl":"https:\/\/www.evb.com\/wp-content\/uploads\/2021\/03\/evb-3.png","width":605,"height":626,"caption":"EVB"},"image":{"@id":"https:\/\/www.evb.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.evb.com\/#\/schema\/person\/fe8f0137976034abdfd2ae4f8c5682d0","name":"evb","image":{"@type":"ImageObject","inLanguage":"uz-UZ","@id":"https:\/\/secure.gravatar.com\/avatar\/6919cc4e91e3745783933e1263b15b0bed21b5e46f2b1e21643aa8b29240d0f7?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/6919cc4e91e3745783933e1263b15b0bed21b5e46f2b1e21643aa8b29240d0f7?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/6919cc4e91e3745783933e1263b15b0bed21b5e46f2b1e21643aa8b29240d0f7?s=96&d=mm&r=g","caption":"evb"}}]}},"_links":{"self":[{"href":"https:\/\/www.evb.com\/uz\/wp-json\/wp\/v2\/posts\/38532","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.evb.com\/uz\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.evb.com\/uz\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.evb.com\/uz\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.evb.com\/uz\/wp-json\/wp\/v2\/comments?post=38532"}],"version-history":[{"count":5,"href":"https:\/\/www.evb.com\/uz\/wp-json\/wp\/v2\/posts\/38532\/revisions"}],"predecessor-version":[{"id":38581,"href":"https:\/\/www.evb.com\/uz\/wp-json\/wp\/v2\/posts\/38532\/revisions\/38581"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.evb.com\/uz\/wp-json\/wp\/v2\/media\/37917"}],"wp:attachment":[{"href":"https:\/\/www.evb.com\/uz\/wp-json\/wp\/v2\/media?parent=38532"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.evb.com\/uz\/wp-json\/wp\/v2\/categories?post=38532"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.evb.com\/uz\/wp-json\/wp\/v2\/tags?post=38532"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}