|What is PKI?||A Public Key Infrastructure (PKI) establishes the identity of people, devices, and services – enabling controlled access to systems and resources, protection of data, and accountability in transactions. The PKI is the foundation that enables the use of technologies, such as an encryption, across large populations of devices and users. PKIs deliver the elements essential for a secure and trusted environment.
The SunSpec PKI is used to secure the communications between Distributed Energy Resources (DERs) which can include inverters, aggregators and servers and the larger power grid.
|Why should I be using a PKI?||With Public Key Infrastructure (PKI), you can significantly increase the security level of your network through:
|What are the requirements of the program?||
|What is a CA?||A Certificate Authority (CA) is a trusted third party that verifies the identity of an organization applying for a digital certificate. After verifying the organization’s identity, the CA issues a digital certificate and binds the organization’s identity to a public key. A digital certificate can be trusted because it is chained to the CAs root certificate.|
|What is a Sub CA?||A Subordinate Certificate Authority or Sub CA is a certificate authority lower in the PKI hierarchy or chain from the Root CA or some other Sub CA.
In the case of SunSpec PKI Program, the Sub CA may be either a Manufacturer Certificate Authority (MCA) or a Manufacturer Issuing Authority (MICA).
A MICA is the Certificate Authority which issues the actual device certificates for the organization. So the MICA will be a Sub CA of either the Root CA or an MCA.
An MCA allows for the distribution of the issuing process of PKI certificates within an organization, which may be preferable if there are multiple product lines and/or production occurs across multiple locations.
An MICA or MCA (with associated MICAs) must be established by an organization prior to generating and issuing device certificates. This is part of the application and set-up process for the SunSpec PKI.
|What is end-to-end encryption?||End-to-end encryption is when a message is encrypted at your device, and the decryption is done at the recipient’s device. This means that no third party can intercept your sensitive data.|
|What is a digital certificate?||Digital certificates are the credentials that facilitate the verification of identities between users in a transaction. Much as a passport certifies one’s identity as a citizen of a country, the digital certificate establishes the identity of users within the ecosystem. Because digital certificates are used to identify the users to whom encrypted data is sent, or to verify the identity of the signer of information, protecting the authenticity and integrity of the certificate is imperative to maintain the trustworthiness of the system.
In the SunSpec PKI Program, the digital certificate is known as a device certificate is the PKI certificate installed on the device or server and is used to uniquely identify the device.
|What is a Certificate Policy?||A Certificate Policy (CP) is a document created to identify the different actors of a PKI and their roles and duties. The CP specifies practices like how certificates can be used, how certificate names are to be chosen, how keys are to be generated, and much more. The associated CP is typically specified in a field of the X.509 certificate.|
|What are public/private keys?||Public and private keys are used to encrypt and decrypt information. Only the private key can decrypt information encrypted by the public key. This key pair is known as asymmetric cryptography (because the encryption is done using non-identical keys). The two keys are mathematically related, but it’s impossible to determine one key using the other.|
|What organizations are associated with SunSpec’s PKI?||The SunSpec Alliance is the CA. Kyrio is the RA. Sectigo is the provider of PKI hardware infrastructure.|
|Who can acquire test PKI certificates?||Test PKI certificates are available to SunSpec members. Contact member services to join SunSpec and gain access to the test PKI.|
|Can I use the PKI certificates from my ATL for certification testing?||One of the benefits of SunSpec membership is access to test PKI certificates to be used during product development and testing. This allows for proper testing and evaluation prior to certification testing with an ATL. While ATLs may offer test PKI certificates for testing, it is expected that organizations acquire their own test PKI certificates from SunSpec.|
|Who can acquire production PKI certificates?||Production PKI certificates are available to organizations who have completed SunSpec certification for their product(s).|
|How do I acquire production PKI certificates?||Get your product SunSpec Certified by inquiring with member services. Member services will help you get enrolled in the production PKI.|
|How do I install my PKI certificates?||PKI certificate installation will vary by device and/or system. Certificates are typically installed as part of the manufacturing process.|