diff --git a/config/v201/component_config/standardized/InternalCtrlr.json b/config/v201/component_config/standardized/InternalCtrlr.json
index 28ce3b60f..45d77cca0 100644
--- a/config/v201/component_config/standardized/InternalCtrlr.json
+++ b/config/v201/component_config/standardized/InternalCtrlr.json
@@ -770,6 +770,38 @@
 "minimum": 1,
 "default": "60",
 "type": "integer"
+ },
+ "AllowCSMSRootCertInstallWhenSecurityProfile1": {
+ "variable_name": "AllowCSMSRootCertInstallWhenSecurityProfile1",
+ "characteristics": {
+ "supportsMonitoring": true,
+ "dataType": "boolean"
+ },
+ "attributes": [
+ {
+ "type": "Actual",
+ "mutability": "ReadOnly"
+ }
+ ],
+ "description": "The flag that indicates if installation of CSMSRootCertificate is allowed when security profile is 1.",
+ "default": true,
+ "type": "boolean"
+ },
+ "AllowMFRootCertInstallWhenSecurityProfile1": {
+ "variable_name": "AllowMFRootCertInstallWhenSecurityProfile1",
+ "characteristics": {
+ "supportsMonitoring": true,
+ "dataType": "boolean"
+ },
+ "attributes": [
+ {
+ "type": "Actual",
+ "mutability": "ReadOnly"
+ }
+ ],
+ "description": "The flag that indicates if installation of ManufacturerRootCertificate is allowed when security profile is 1.",
+ "default": true,
+ "type": "boolean"
 }
 },
 "required": [
diff --git a/config/v201/component_config/standardized/SecurityCtrlr.json b/config/v201/component_config/standardized/SecurityCtrlr.json
index 547b9f690..ab13d92f4 100644
--- a/config/v201/component_config/standardized/SecurityCtrlr.json
+++ b/config/v201/component_config/standardized/SecurityCtrlr.json
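Review bot: Both new InternalCtrlr variables ship with `"default": true`, so root-certificate installation at security profile 1 stays permitted unless an integrator switches it off, and the `.value_or(true)` fallbacks in `should_allow_certificate_install` (lib/ocpp/v201/charge_point.cpp) fail open in the same way when the variable is absent. Security profile 1 has no TLS, so the station cannot authenticate the sender of an InstallCertificate request that adds a trust anchor. Consider `"default": false` here together with `.value_or(false)` in the helper. If `true` has to stay so that stations can be migrated to a higher profile, say so in the description, e.g. `"description": "Allows installation of a CSMSRootCertificate while security profile is 1 (no TLS); set to false once the root certificate needed for the profile upgrade is installed."`. The move from `ReadWrite` to `ReadOnly` presumably also keeps the flag from being re-enabled over that same connection, which is worth stating in the description as well.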
@@ -177,38 +177,6 @@
 "maximum": 3,
 "default": "1",
 "type": "integer"
- },
- "AllowCSMSRootCertificateInstallWhenLowSecurityProfile": {
- "variable_name": "AllowCSMSRootCertificateInstallWhenLowSecurityProfile",
- "characteristics": {
- "supportsMonitoring": true,
- "dataType": "boolean"
- },
- "attributes": [
- {
- "type": "Actual",
- "mutability": "ReadWrite"
- }
- ],
- "description": "The flag that indicates if installation of CSMSRootCertificate is allowed when security profile is 1.",
- "default": true,
- "type": "boolean"
- },
- "AllowManufacturerRootCertificateInstallWhenLowSecurityProfile": {
- "variable_name": "AllowManufacturerRootCertificateInstallWhenLowSecurityProfile",
- "characteristics": {
- "supportsMonitoring": true,
- "dataType": "boolean"
- },
- "attributes": [
- {
- "type": "Actual",
- "mutability": "ReadWrite"
- }
- ],
- "description": "The flag that indicates if installation of ManufacturerRootCertificate is allowed when security profile is 1.",
- "default": true,
- "type": "boolean"
 }
 },
 "required": [
diff --git a/include/ocpp/v201/charge_point.hpp b/include/ocpp/v201/charge_point.hpp
index 4a29d9bb9..63435d69b 100644
--- a/include/ocpp/v201/charge_point.hpp
+++ b/include/ocpp/v201/charge_point.hpp
@@ -782,10 +782,10 @@ class ChargePoint : public ChargePointInterface, private ocpp::ChargingStationBa
 /// If \param persist is set to true, the change will be persisted across a reboot
 void execute_change_availability_request(ChangeAvailabilityRequest request, bool persist);
- /// \brief Helper function to determine if a certificate installation should be rejected
+ /// \brief Helper function to determine if a certificate installation should be allowed
 /// \param cert_type is the certificate type to be checked
- /// \return true if it should be rejected
- bool should_reject_certificate_install(InstallCertificateUseEnum cert_type) const;
+ /// \return true if it should be allowed
+ bool should_allow_certificate_install(InstallCertificateUseEnum cert_type) const;
 protected:
 std::shared_ptr smart_charging_handler;
diff --git a/include/ocpp/v201/ctrlr_component_variables.hpp b/include/ocpp/v201/ctrlr_component_variables.hpp
index 9f21f329b..5172d29f1 100644
--- a/include/ocpp/v201/ctrlr_component_variables.hpp
+++ b/include/ocpp/v201/ctrlr_component_variables.hpp
@@ -201,8 +201,8 @@ extern const ComponentVariable& MaxCertificateChainSize;
 extern const ComponentVariable& UpdateCertificateSymlinks;
 extern const RequiredComponentVariable& OrganizationName;
 extern const RequiredComponentVariable& SecurityProfile;
-extern const ComponentVariable& AllowCSMSRootCertificateInstallWhenLowSecurityProfile;
-extern const ComponentVariable& AllowManufacturerRootCertificateInstallWhenLowSecurityProfile;
+extern const ComponentVariable& AllowCSMSRootCertInstallWhenSecurityProfile1;
+extern const ComponentVariable& AllowMFRootCertInstallWhenSecurityProfile1;
 extern const ComponentVariable& ACPhaseSwitchingSupported;
 extern const ComponentVariable& SmartChargingCtrlrAvailable;
 extern const ComponentVariable& SmartChargingCtrlrEnabled;
diff --git a/lib/ocpp/v201/charge_point.cpp b/lib/ocpp/v201/charge_point.cpp
index c879f4da1..e90f8cbf1 100644
--- a/lib/ocpp/v201/charge_point.cpp
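Review bot: The new doc comment on `should_allow_certificate_install` in charge_point.hpp does not say when the answer is unconditional, which a caller gating trust-anchor installation needs to know. Going by the definition in lib/ocpp/v201/charge_point.cpp, the function returns true for every security profile above 1 and for every certificate type other than CSMSRootCertificate and ManufacturerRootCertificate, and otherwise reads the two InternalCtrlr flags. I would extend the return line to `/// \return true if it should be allowed; always true when SecurityProfile is above 1 or when cert_type is neither CSMSRootCertificate nor ManufacturerRootCertificate`. The class body starts and ends outside this hunk.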
+++ b/lib/ocpp/v201/charge_point.cpp
@@ -3588,26 +3588,24 @@ void ChargePoint::handle_get_installed_certificate_ids_req(Callsend(call_result);
 }
-bool ChargePoint::should_reject_certificate_install(InstallCertificateUseEnum cert_type) const {
+bool ChargePoint::should_allow_certificate_install(InstallCertificateUseEnum cert_type) const {
 const int security_profile = this->device_model->get_value(ControllerComponentVariables::SecurityProfile);
 if (security_profile > 1) {
- return false;
+ return true;
 }
 switch (cert_type) {
 case InstallCertificateUseEnum::CSMSRootCertificate:
- return !this->device_model
- ->get_optional_value(
- ControllerComponentVariables::AllowCSMSRootCertificateInstallWhenLowSecurityProfile)
- .value_or(true);
+ return this->device_model
+ ->get_optional_value(ControllerComponentVariables::AllowCSMSRootCertInstallWhenSecurityProfile1)
+ .value_or(true);
 case InstallCertificateUseEnum::ManufacturerRootCertificate:
- return !this->device_model
- ->get_optional_value(
- ControllerComponentVariables::AllowManufacturerRootCertificateInstallWhenLowSecurityProfile)
- .value_or(true);
+ return this->device_model
+ ->get_optional_value(ControllerComponentVariables::AllowMFRootCertInstallWhenSecurityProfile1)
+ .value_or(true);
 default:
- return false;
+ return true;
 }
 }
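Review bot: The `default: return true;` branch of `should_allow_certificate_install` allows every certificate type that has no explicit case at security profile 1, so a value added to `InstallCertificateUseEnum` later is accepted without anyone deciding that it should be. Listing the remaining types and dropping `default:` lets the compiler's switch-coverage warning flag new enumerators, e.g. `case InstallCertificateUseEnum::V2GRootCertificate:` and `case InstallCertificateUseEnum::MORootCertificate:` followed by `return true;`, with a final `return false;` after the switch. Whether V2G and MO roots should be installable at profile 1 is not settled by this commit, so that choice deserves a comment next to those cases. The comparison `security_profile > 1` also sends any value below 1 into the switch; that looks intended but is not documented.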
@@ -3617,11 +3615,11 @@ void ChargePoint::handle_install_certificate_req(Call
 const auto msg = call.msg;
 InstallCertificateResponse response;
- if (should_reject_certificate_install(msg.certificateType)) {
+ if (!should_allow_certificate_install(msg.certificateType)) {
 response.status = InstallCertificateStatusEnum::Rejected;
 response.statusInfo = StatusInfo();
 response.statusInfo->reasonCode = "LowSecurityProfile";
- response.statusInfo->additionalInfo = "SecurityProfileTooLowForCertificateInstall";
+ response.statusInfo->additionalInfo = "CertificateInstallationNotAllowedWhenSecurityProfile1";
 } else {
 const auto result = this->evse_security->install_ca_certificate(
 msg.certificate.get(), ocpp::evse_security_conversions::from_ocpp_v201(msg.certificateType));
diff --git a/lib/ocpp/v201/ctrlr_component_variables.cpp b/lib/ocpp/v201/ctrlr_component_variables.cpp
index 8e93c52b5..b3c115e3a 100644
--- a/lib/ocpp/v201/ctrlr_component_variables.cpp
+++ b/lib/ocpp/v201/ctrlr_component_variables.cpp
@@ -359,6 +359,20 @@ const ComponentVariable& ResumeTransactionsOnBoot = {
 "ResumeTransactionsOnBoot",
 }),
 };
+const ComponentVariable& AllowCSMSRootCertInstallWhenSecurityProfile1 = {
+ ControllerComponents::InternalCtrlr,
+ std::nullopt,
+ std::optional({
+ "AllowCSMSRootCertInstallWhenSecurityProfile1",
+ }),
+};
+const ComponentVariable& AllowMFRootCertInstallWhenSecurityProfile1 = {
+ ControllerComponents::InternalCtrlr,
+ std::nullopt,
+ std::optional({
+ "AllowMFRootCertInstallWhenSecurityProfile1",
+ }),
+};
 const ComponentVariable& AlignedDataCtrlrEnabled = {
 ControllerComponents::AlignedDataCtrlr,
 std::nullopt,
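Review bot: The rejection branch in `handle_install_certificate_req` sets `Rejected` without leaving any trace that is visible in this hunk, so a refused attempt to install a root certificate at security profile 1 cannot be picked up by monitoring. I would add a warning-level log line inside the branch, e.g. `EVLOG_warning << "InstallCertificate rejected: root certificate installation is disabled at security profile 1";`, and consider raising a security event if the project defines one for this case. The `reasonCode` is still `"LowSecurityProfile"` while `additionalInfo` was reworded, so a CSMS that matches on the old string needs a changelog entry. The function continues past the end of the hunk, so logging may already happen further down.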
@@ -1116,20 +1130,6 @@ const RequiredComponentVariable& SecurityProfile = {
 "SecurityProfile",
 }),
 };
-const ComponentVariable& AllowCSMSRootCertificateInstallWhenLowSecurityProfile = {
- ControllerComponents::SecurityCtrlr,
- std::nullopt,
- std::optional({
- "AllowCSMSRootCertificateInstallWhenLowSecurityProfile",
- }),
-};
-const ComponentVariable& AllowManufacturerRootCertificateInstallWhenLowSecurityProfile = {
- ControllerComponents::SecurityCtrlr,
- std::nullopt,
- std::optional({
- "AllowCSMSRootCertificateInstallWhenLowSecurityProfile",
- }),
-};
 const ComponentVariable& ACPhaseSwitchingSupported = {
 ControllerComponents::SmartChargingCtrlr,
 std::nullopt,