Skip to content

Technical specification of a new C-ITS PKI

This questionnaire has to be filled by a C-ITS PKI provider prior PKI installation. TeskaLabs can provide reasonable defaults where possible based on standardisation and deployment experiences.

The TLM to which new Root CA certificate to be inserted

In case of EU TLM, the intended level (L0, L1, L2) should be defined according to a EU TLM CPOC Protocol. Also the name of Root CA certificate is to be assigned by CPA of CPOC.

Answer: __

Note: This pre-requisite is optional, TLM could be skipped or introduced later.

Requested components

  • Number of Root Certificate Authority (RCA): __
  • Number of Enrollment Authorities (EA): __
  • Number of Authorization Authorities (AA): __

Typical C-ITS PKI contains 1 RCA, 1 EA and 1 AA. Number of EAs and AAs could be extended during the lifecycle of the PKI.

Tenant name

It may become a part of PKI URLs.

Answer: __

Example: croads_cz_l0

Base URL(s) of the PKI authorities

Answer: http://__

It could be the same for RCA, EA and AA or specific for each component.

It must start with http://

Root CA Certificate key curve

Select one of:

  • Brainpool P-386
  • Brainpool P-256
  • NIST P-256

We recommend Brainpool P-386.

Root CA certificate

Use attached JSON template rootca.json.

Important information:

  • Root CA certificate name, example 0_My-New-Root-CA_L0

Note: If Root CA certificate is to be introduced to TLM, the name has to comply with the TLM requirements.

EA certificate verification key curve

Select one for verification key:

  • Brainpool P-386
  • Brainpool P-256
  • NIST P-256

We recommend Brainpool P-256.

EA certificate encryption key curve

Select one for encryption key:

  • Brainpool P-256
  • NIST P-256

We recommend Brainpool P-256.

EA certificate request

Use attached JSON template ea-cacr.json.

Important information:

  • EA certificate name

AA certificate verification key curve

Select one for verification key:

  • Brainpool P-386
  • Brainpool P-256
  • NIST P-256

We recommend Brainpool P-256.

AA certificate encryption key curve

Select one for encryption key:

  • Brainpool P-256
  • NIST P-256

We recommend Brainpool P-256.

AA certificate request

Use attached JSON template aa-cacr.json.

Important information:

  • AA certificate name