Understanding OCPP Security Profiles
A deep dive into securing your charging infrastructure with OCPP security profiles.

Rohit Tiwari
@rohittiwari-dev

Security is paramount in EV charging infrastructure. The Open Charge Point Protocol (OCPP) defines several security profiles to ensure secure communication between Charging Stations and Central Systems. ocpp-ws-io makes it easy to implement these profiles.
The Profiles
Profile 0: No Security
Used for development or trusted networks. Communication is plain text over ws://.
Profile 1: Basic Authentication
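Adds HTTP Basic Authentication (Authorization: Basic <credentials>). Communication is still plain text over ws://, and the credentials are only Base64-encoded. Base64 is an encoding, not encryption, so anyone who can observe the traffic can recover them.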
Profile 2: TLS with Basic Authentication
Encrypted communication using wss://. Requires the server to have a valid TLS certificate. The client authenticates using HTTP Basic Auth.
Profile 3: TLS with Client Certificates
The most secure profile. Uses wss:// for encryption and mutual TLS (mTLS) for authentication. Both client and server verify each other's certificates.
Implementation in ocpp-ws-io
Switching profiles is straightforward:
// Profile 2 Example
import { OCPPClient, SecurityProfile } from "ocpp-ws-io";

const client = new OCPPClient({
  endpoint: "wss://secure-csms.com",
  identity: "CP001",
  securityProfile: SecurityProfile.TLS_BASIC_AUTH, // Profile 2
  password: "super-secret-password",
  tls: {
    rejectUnauthorized: true, // verify the server certificate; never disable in production
  },
});

Check out our Security Guide for detailed implementation steps for all profiles.
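A pre-flight check that compares a client configuration with the profile it claims, as an added example that is not part of ocpp-ws-io or the original post. It assumes numeric profile values 0 to 3 as listed above, and that a client certificate is supplied as `tls.cert` / `tls.key` (Node TLS option names, an assumption here); `auditProfileConfig` and the sample hostnames are hypothetical.

```javascript
// Added example: flag mismatches between an OCPP security profile and the config.
// Assumptions: profiles are the numbers 0-3; tls.cert / tls.key carry the client
// certificate for Profile 3 (Node TLS option names, not confirmed for ocpp-ws-io).
function auditProfileConfig(cfg) {
  const findings = [];
  let url;
  try {
    url = new URL(cfg.endpoint);
  } catch {
    return [`endpoint is not a valid URL: ${cfg.endpoint}`];
  }
  const p = cfg.securityProfile;
  const tls = cfg.tls || {};
  if (![0, 1, 2, 3].includes(p)) return [`unknown security profile: ${p}`];

  if (p >= 2 && url.protocol !== "wss:") {
    findings.push(`profile ${p} requires wss:// but endpoint uses ${url.protocol}//`);
  }
  if ((p === 1 || p === 2) && !cfg.password) {
    findings.push(`profile ${p} uses HTTP Basic Auth but no password is set`);
  }
  if (p === 1 && cfg.password) {
    findings.push("profile 1 sends Base64 credentials over plain ws://, readable on the wire");
  }
  if (p >= 2 && tls.rejectUnauthorized === false) {
    findings.push("rejectUnauthorized is false: server certificate is not verified");
  }
  if (p === 3 && !(tls.cert && tls.key)) {
    findings.push("profile 3 needs a client certificate and key for mutual TLS");
  }
  if (url.username || url.password) {
    findings.push("credentials embedded in the endpoint URL; pass them as options instead");
  }
  return findings;
}

// Constructed sample configs (hostnames and password are placeholders).
const good = { endpoint: "wss://csms.example.test", identity: "CP001", securityProfile: 2,
  password: "constructed-password", tls: { rejectUnauthorized: true } };
const bad = { endpoint: "ws://csms.example.test", identity: "CP001", securityProfile: 3,
  tls: { rejectUnauthorized: false } };
console.log(auditProfileConfig(good));
console.log(auditProfileConfig(bad));
```

Running a check like this in CI or at station provisioning catches a Profile 3 deployment that silently falls back to unverified or unencrypted transport.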