Technical specification of a new C-ITS PKI¶
This questionnaire has to be filled by a C-ITS PKI provider prior PKI installation. TeskaLabs can provide reasonable defaults where possible based on standardisation and deployment experiences.
The TLM to which new Root CA certificate to be inserted¶
In case of EU TLM, the intended level (L0, L1, L2) should be defined according to a EU TLM CPOC Protocol. Also the name of Root CA certificate is to be assigned by CPA of CPOC.
Answer: __
Note: This pre-requisite is optional, TLM could be skipped or introduced later.
Requested components¶
- Number of Root Certificate Authority (RCA): __
- Number of Enrollment Authorities (EA): __
- Number of Authorization Authorities (AA): __
Typical C-ITS PKI contains 1 RCA, 1 EA and 1 AA. Number of EAs and AAs could be extended during the lifecycle of the PKI.
Tenant name¶
It may become a part of PKI URLs.
Answer: __
Example: croads_cz_l0
Base URL(s) of the PKI authorities¶
Answer: http://__
It could be the same for RCA, EA and AA or specific for each component.
It must start with http://
Root CA Certificate key curve¶
Select one of:
- Brainpool P-386
- Brainpool P-256
- NIST P-256
We recommend Brainpool P-386.
Root CA certificate¶
Use attached JSON template rootca.json
.
Important information:
- Root CA certificate name, example
0_My-New-Root-CA_L0
Note: If Root CA certificate is to be introduced to TLM, the name has to comply with the TLM requirements.
EA certificate verification key curve¶
Select one for verification key:
- Brainpool P-386
- Brainpool P-256
- NIST P-256
We recommend Brainpool P-256.
EA certificate encryption key curve¶
Select one for encryption key:
- Brainpool P-256
- NIST P-256
We recommend Brainpool P-256.
EA certificate request¶
Use attached JSON template ea-cacr.json
.
Important information:
- EA certificate name
AA certificate verification key curve¶
Select one for verification key:
- Brainpool P-386
- Brainpool P-256
- NIST P-256
We recommend Brainpool P-256.
AA certificate encryption key curve¶
Select one for encryption key:
- Brainpool P-256
- NIST P-256
We recommend Brainpool P-256.
AA certificate request¶
Use attached JSON template aa-cacr.json
.
Important information:
- AA certificate name