diff --git a/etc/AtsPki/AtsPki_Idnomic.cfg_ b/etc/AtsPki/AtsPki_Idnomic.cfg_ index 85127ceaec555ebd3e3f4e6fc02bf0ad81e22751..0c8ecd22088a4a872be897b09bca88643ba791c1 100644 --- a/etc/AtsPki/AtsPki_Idnomic.cfg_ +++ b/etc/AtsPki/AtsPki_Idnomic.cfg_ @@ -8,16 +8,24 @@ LibItsSecurity_Pixits.PX_CERTIFICATE_POOL_PATH := "/home/vagrant/tmp" # Configuration sub-directory to access certificate stored in files LibItsSecurity_Pixits.PX_IUT_SEC_CONFIG_NAME := "asn1c_cert" -LibItsHttp_Pics.PICS_HEADER_CONTENT_TYPE := "application/x-its-request" +# Use this certificate if the RSU simulator act as IUT +LibItsCommon_Pixits.PX_CERT_FOR_TS := "CERT_IUT_A_AT" + +LibItsHttp_Pics.PICS_HEADER_CONTENT_TYPE := "application/x-its-request" +LibItsHttp_Pics.PICS_HEADER_CTL_CONTENT_TYPE := "application/x-its-crl" LibItsPki_Pics.PICS_MULTIPLE_END_POINT := true LibItsPki_Pics.PICS_HEADER_HOST_EC := "ea.utopia.plugtests2019.innovation.keynectis.net" LibItsPki_Pics.PICS_HEADER_HOST_ATV := "ea.utopia.plugtests2019.innovation.keynectis.net" LibItsPki_Pics.PICS_HEADER_HOST_AT := "aa.utopia.plugtests2019.innovation.keynectis.net" +LibItsPki_Pics.PICS_HEADER_HOST_CA := "dc.plugtests2019.innovation.keynectis.net" + +LibItsPki_Pics.PICS_HTTP_POST_URI_EC := "/" +LibItsPki_Pics.PICS_HTTP_POST_URI_AT := "/" +LibItsPki_Pics.PICS_HTTP_POST_URI_ATV := "/" +LibItsPki_Pics.PICS_HTTP_GET_URI_CTL := "/getctl/1D3C7B499A054F8C"; +LibItsPki_Pics.PICS_HTTP_GET_URI_CRL := "/getcrl/1D3C7B499A054F8C"; -LibItsPki_Pics.PICS_HTTP_POST_URI_EC := "/" -LibItsPki_Pics.PICS_HTTP_POST_URI_AT := "/" -LibItsPki_Pics.PICS_HTTP_POST_URI_ATV := "/" LibItsPki_Pics.PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY := '5C25F97607DFC62972A147FAD8B7A7C939569F0F95ECD4C641724A68B51836E5'O LibItsPki_Pics.PICS_ITS_S_SIGN_NISTP256_PUBLIC_KEY := '020144E5174B0AFDA86BDB8B643B68D40030F5BDB9A9F090C64852CC3C20C9D5AD'O LibItsPki_Pics.PICS_ITS_S_CANONICAL_ID := '455453492D4954532D303031'O 
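Review bot: `PICS_HEADER_CTL_CONTENT_TYPE` is set to `"application/x-its-crl"`, so a parameter named for the CTL carries what looks like the CRL media type. If this value is sent or matched on the CTL download, something like `"application/x-its-ctl"` would be expected, with a separate parameter for the CRL; please confirm against ETSI TS 102 941. The two new `PICS_HTTP_GET_URI_CTL` / `PICS_HTTP_GET_URI_CRL` lines end with `;` while every other assignment in the hunk does not, so dropping it keeps the file uniform. The new comment should read `# Use this certificate if the RSU simulator acts as IUT`.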
@@ -63,6 +71,7 @@ system.httpEcPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/ system.httpAtVPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(server=ea.utopia.plugtests2019.innovation.keynectis.net)" #system.httpAtVPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(debug=1,server_mode=1,server=192.168.1.41,local_port=80)" # Multiple HTTP component ports specific to TC_SECPKI_AA_AUTHVAL_xx system.httpAtPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(server=aa.utopia.plugtests2019.innovation.keynectis.net)" +system.httpCaPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(server=dc.plugtests2019.innovation.keynectis.net)" [EXECUTE] @@ -70,7 +79,7 @@ system.httpAtPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/ #ItsPki_TestCases.TC_SECPKI_EA_ENR_RCV_01_BV # Check that EA doesn't accept Enrolment rekeying request when enrolment is not permitted by signing certificate (not containing an item of type PsidSsp) -ItsPki_TestCases.TC_SECPKI_EA_ENR_RCV_02_BI_01 +#ItsPki_TestCases.TC_SECPKI_EA_ENR_RCV_02_BI_01 # Check that EA doesn't accept Enrolment rekeying request when enrolment is not permitted by signing certificate (containing opaque[0] (version) indicating other value than 1) #ItsPki_TestCases.TC_SECPKI_EA_ENR_RCV_02_BI_02 # Check that EA doesn't accept Enrolment rekeying request when enrolment is not permitted by signing certificate (containing opaque[1] (value) indicating "Enrolment Request" (bit 1) set to 0) 
@@ -174,6 +183,11 @@ ItsPki_TestCases.TC_SECPKI_EA_ENR_RCV_02_BI_01 # Check that the AA sends AuthorizationValidationRequest after receiving of the AuthorizationRequest #ItsPki_TestCases.TC_SECPKI_AA_AUTHVAL_01_BV +# Check that the RootCA generates the Full CTL when new EA is about to be added to the Root CTL +ItsPki_TestCases.TC_RCA_CTLGEN_01_BV +# Check that the RootCA generates the CRL when CA certificate is about to be revoked +ItsPki_TestCases.TC_RCA_CRLGEN_02_BV + [MAIN_CONTROLLER] # The options herein control the behavior of MC. KillTimer := 10.0 diff --git a/ttcn/AtsPki/ItsPki_TestCases.ttcn b/ttcn/AtsPki/ItsPki_TestCases.ttcn index e8e39c4ecf8fb6e8ccfc651004cfdbf9fb4634f1..4090324f972d85c743b6672232edbe0a72af19ce 100644 --- a/ttcn/AtsPki/ItsPki_TestCases.ttcn +++ b/ttcn/AtsPki/ItsPki_TestCases.ttcn @@ -8901,6 +8901,8 @@ module ItsPki_TestCases { group ca_behavior { + group ctl { + /** * @desc Check that the RootCA generates the Full CTL when new EA is about to be added to the Root CTL *
@@ -8976,7 +8978,7 @@ module ItsPki_TestCases {
 
             tc_ac.stop;
 
-            if (f_verify_rca_response_message(v_response.response.body.binary_body.ieee1609dot2_data, true, v_to_be_signed_rca_ctl) == false) {
+            if (f_verify_rca_ctl_response_message(v_response.response.body.binary_body.ieee1609dot2_data, true, v_to_be_signed_rca_ctl) == false) {
               log("*** " & testcasename() & ": FAIL: Failed to verify RCA message ***");
               f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
             } else {
@@ -9000,6 +9002,106 @@ module ItsPki_TestCases {
 
       } // End of testcase TC_RCA_CTLGEN_01_BV
 
+    } // End of group ctl
+
+    group crl {
+    
+      /**
+       * @desc Check that the RootCA generates the CRL when CA certificate is about to be revoked
+       * 
+       * Pics Selection: PICS_IUT_CA_ROLE
+       * Initial conditions: 
+       *     }
+       * Expected behaviour:
+       *     ensure that {
+       *         when {
+       *             the RootCA is triggered to add new CA certificate (CERT_CA) to the revocation list
+       *         }
+       *         then {
+       *             the IUT issue a new CRL of type ToBeSignedCrl
+       *                 containing emtries
+       *                     containing item of type CrlEntry
+       *                         indicating HashedId8 of CERT_CA
+       *         }
+       *     }
+       * 
+ *
+ * @see ETSI TS 103 525-2 TP RCA_CRLGEN_01_BV
+ * @reference ETSI TS 102 941, clause 6.3.3
+ */
+ testcase TC_RCA_CRLGEN_02_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
+ // Local variables
+ var HeaderLines v_headers;
+ var HttpMessage v_response;
+
+ // Test control
+ if (not PICS_IUT_CA_ROLE) {
+ log("*** " & testcasename() & ": PICS_IUT_CA_ROLE required for executing the TC ***");
+ setverdict(inconc);
+ stop;
+ }
+
+ // Test component configuration
+ f_cfHttpUp_ca();
+
+ // Test adapter configuration
+
+ // Preamble
+ f_init_default_headers_list(-, "ca_request", v_headers);
+ action("the RootCA is triggered to add new CA certificate (CERT_CA) to the revocation list");
+ f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
+
+ // Test Body
+ f_http_send(
+ v_headers,
+ m_http_request(
+ m_http_request_get(
+ PICS_HTTP_GET_URI_CRL,
+ v_headers
+ )));
+ tc_ac.start;
+ alt {
+ [] httpCaPort.receive(
+ mw_http_response(
+ mw_http_response_ok(
+ mw_http_message_body_binary(
+ mw_binary_body_ieee1609dot2_data(
+ mw_etsiTs103097Data_signed(
+ mw_signedData(
+ -,
+ mw_toBeSignedData( mw_signedDataPayload ),
+ mw_signerIdentifier_digest
+ ))))))) -> value v_response {
+ var ToBeSignedCrl v_to_be_signed_crl;
+
+ tc_ac.stop;
+
+ if (f_verify_rca_crl_response_message(v_response.response.body.binary_body.ieee1609dot2_data, true, v_to_be_signed_crl) == false) {
+ log("*** " & testcasename() & ": FAIL: Failed to verify RCA message ***");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+ } else {
+ if (f_verify_full_crl(v_to_be_signed_crl) == true) {
+ log("*** " & testcasename() & ": PASS: ToBeSignedCrl received ***");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
+ } else {
+ log("*** " & testcasename() & ": FAIL: Receive unexpected message ***");
+ f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
+ }
+ }
+ }
+ [] tc_ac.timeout {
+ log("*** " & testcasename() & ": INCONC: Expected message not received ***");
+
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); + } + } // End of 'alt' statement + + // Postamble + f_cfHttpDown_ca(); + + } // End of testcase TC_RCA_CRLGEN_02_BV + + } // End of group crl + } // End of group ca_behavior } // End of module ItsPki_TestCases diff --git a/ttcn/AtsPki/ItsPki_TestControl.ttcn b/ttcn/AtsPki/ItsPki_TestControl.ttcn index 99c263b91af3548d1e1ada9c20a12533fbde8986..67b84ef46d892252393b92c80c8016928151a63a 100644 --- a/ttcn/AtsPki/ItsPki_TestControl.ttcn +++ b/ttcn/AtsPki/ItsPki_TestControl.ttcn @@ -66,7 +66,7 @@ module ItsPki_TestControl { execute(TC_SECPKI_EA_AUTHVAL_RCV_01_BV()); execute(TC_SECPKI_EA_AUTHVAL_RCV_02_BI()); } - + if (PICS_IUT_AA_ROLE) { execute(TC_SECPKI_AA_AUTH_RCV_01_BV()); if (PICS_PKI_AUTH_POP) { @@ -87,7 +87,13 @@ module ItsPki_TestControl { execute(TC_SECPKI_AA_AUTHVAL_01_BV()); } - + + if (PICS_IUT_CA_ROLE) { + execute(TC_RCA_CTLGEN_01_BV()); + + execute(TC_RCA_CRLGEN_02_BV()); + } + } // End of 'control' statement - + } // End of module module ItsPki_TestControl diff --git a/ttcn/LibIts b/ttcn/LibIts index 6e0111d02cdab632db6ac26074214f15b57e395b..956ea968e8a7b3701c6fbb1386c3aac2e98c4d46 160000 --- a/ttcn/LibIts +++ b/ttcn/LibIts @@ -1 +1 @@ -Subproject commit 6e0111d02cdab632db6ac26074214f15b57e395b +Subproject commit 956ea968e8a7b3701c6fbb1386c3aac2e98c4d46
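Review bot: The pass branch of TC_RCA_CRLGEN_02_BV calls `f_verify_full_crl(v_to_be_signed_crl)` with no reference to CERT_CA, although the test purpose requires a CrlEntry indicating the HashedId8 of CERT_CA. Unless that helper (defined outside this diff, presumably in the LibIts submodule) looks the certificate up itself, any validly signed CRL, including an empty one, would be reported as PASS. I would derive the HashedId8 of the revoked certificate in the preamble and set a fail verdict when it is absent from `v_to_be_signed_crl.entries`. The `alt` also has no branch for an unexpected or error response, so a rejected request appears to end as a timeout rather than a fail, assuming `f_cfHttpUp_ca()` activates no default altstep. In the header comment, `@see ... TP RCA_CRLGEN_01_BV` does not match the testcase name `_02_BV`, "Initial conditions" holds only a stray `}`, and `emtries` should read `entries`.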