
A Dual-Certificate System and Communication Method for the CMS Protocol in Power Systems Based on National Cryptographic Algorithms

  • Abstract: Smart grids are developing rapidly, and the security of data communication between measurement-and-control devices, protection devices and the monitoring backend in substations has become a cornerstone of stable power system operation. The traditional single-certificate CMS (Communication Message Specification) communication protocol suffers from key reuse risk, performance bottlenecks and conflicting certificate management policies. To address these problems, this paper proposes a dual-certificate implementation method and system based on national cryptographic algorithms (SM2/SM3/SM4). The method separates the encryption certificate from the signature certificate: the encryption certificate is used only to negotiate the session key that encrypts communication data, while the signature certificate provides identity authentication and data integrity protection. The paper describes in detail the architecture design, workflow, key management mechanism and anti-replay strategy of the dual-certificate system. Experiments and analysis show that, compared with the traditional single-certificate scheme, the method significantly improves security, processing performance and management flexibility, and can effectively meet the smart grid's requirements for highly secure and highly reliable communication.
