A charge station’s security profile is an indication of how secure the charge station’s connection is. This article will describe what each security profile means and will give detailed instructions on how to configure a charge station’s security profile depending on its OCPP version. Only security profile 1 and 2 are covered by this guide.

Security profile 1, or basic authentication, improves security by forcing the charge station to identify itself and provide a password on connection attempts. Security profile 1 does not require a secure connection over TLS but this is highly recommended.

By requiring a password third parties are prevented from connecting to GreenFlux using an existing charge station id to mimic the charge station on our platform.

Security profile 2 enforces a connection over TLS, and allows the charge station to verify the identity of the server ensuring that it is connected to GreenFlux’ backend. To allow this we need to install GreenFlux’ root certificate on the charge station so it can identify the certificate of the server when connecting. On GreenFlux’ side any connection attempt that is not secured with TLS will be rejected.

To enable security profile 2 we require the charge station to be connected to an endpoint which supports multiple types of certificates. It is not possible to enable this security profile on the standard public socket server for example. Details are below.