Most of the supported wall chargers offer the ability to connect over SSL/TLS.
We do not recommend its use because we see many chargers failing to connect to Charge HQ when attempting to use SSL.
The data being transferred between your wall charger and the Charge HQ servers is not considered to be particularly sensitive. It does not contain authentication details or personally identifiable information.
However, if you would prefer to use SSL/TLS mode you should apply the following changes to your charger configuration.
For example, a server address in non-SSL mode
ws://ocpp.chargehq.net:80/ocpp16
in SSL/TLS mode will become
wss://ocpp.chargehq.net:443/ocpp16
If you are unable to connect your charger in SSL mode, please ensure you have first tried to connect in non-SSL mode before seeking technical support.
SSL/TLS requires that the client (in this case, the charger) knows to trust the root and intermediate certifying authorities which signed the certificate offered by the Charge HQ OCPP endpoint. Some chargers are not pre-loaded with the correct root certificates that are required to verify the certificate offered by Charge HQ. See this page for more info.
Charge HQ regularly changes the certificate offered by the OCPP endpoint. Occasionally this will result in changes to the certifying authorities. This could mean that a charger that was successfully connecting via SSL/TLS may stop working if it doesn't support the new certificate.
Some chargers allow loading additional root certificates. If you are determined to get SSL/TLS working, you could try obtaining the certificate from https://ocpp.chargehq.net and loading it into your charger. Charge HQ does not provide technical support for doing this.
