Handle ISO 15118 Plug and Charge concepts in a CPO stack

Verified steps

1. Integrate an ISO 15118-2-compliant EVSE firmware layer in your charge point hardware; the standard requires TLS 1.2 mutual authentication with EXI-encoded payloads over a PLC (power line communication) or wireless transport layer.
2. Join or connect to a V2G PKI trust hierarchy: your CPO must operate a Sub-CA under a recognized V2G Root CA (e.g., Hubject's V2G Root or a government-run root); generate your CPO Sub-CA certificate from this root.
3. Implement the certificate provisioning backend: when a vehicle presents its Provisioning Certificate (identified by its PCID), your CSMS queries the V2G PKI for the matching Contract Certificate and provisions it to the vehicle during the TLS handshake.
4. During a Plug and Charge session, the EVSE and vehicle complete a TLS mutual authentication exchange; the vehicle presents its Contract Certificate, the CPO stack validates the certificate chain up to the V2G Root, and if valid, the session is authorized without any driver interaction.
5. Implement contract certificate renewal workflows: Contract Certificates have a finite validity period; your CSMS must monitor expiry dates and trigger re-provisioning before expiry to prevent silent authorization failures.
6. Test using a Hubject OPCP-compliant testing tool or a certified PnC test bench; interoperability testing is mandatory before production deployment in regulated markets.