The XBee Hive for Wi-SUN comes manufactured with the Initial Device Identifier (IDevID). The IDevID consists of a certificate and key that are used in authenticating and securing connections with other nodes on the Wi-SUN network.
If you wish to deploy your own security certificates and keys, you can configure the XBee Hive for Wi-SUN to use the Locally Significant Device Identifier (LDevID) instead of the IDevID.
| The identity of the XBee Hive for Wi-SUN is not used when Wi-SUN authentication relies on an external authentication service (RADIUS). |
Configure Wi-SUN LDevID key and certificate
To be compliant with Wi-SUN, the LDevID certificate should follow IEEE 802.1AR and the following guidelines:
The certificate and key must be in PEM format.
The certificate content:
Version: Must be X.509 Version 3.
Subject Name: Typically empty; device identity is contained in the SubjectAlternativeName extension.
SubjectAlternativeName extension: The certificate must contain a SubjectAlternativeName extension with the otherName field, and the extension must be marked critical. The otherName field should be of the type id-on-hardwareModuleName, which is defined in RFC 4108. The id-on-hardwareModuleName value contains the hwType and the hwSerialNum. The hwType is an object identifier that identifies the type of hardware module. The hwSerialNum is the serial number of the hardware and uniquely identifies the device.
| You can just use the value for SubjectAlternativeName from the IDevID that is manufactured on the device. |
ExtendedKeyUsage extension: The certificate must include an ExtendedKeyUsage extension with the id-kp-fan-device and the id-kp-clientAuth object identifiers.
| You can just use the same value for ExtendedKeyUsage from the IDevID that is manufactured on the device. |
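As an added example (not Digi's code), the following standard-library Python lint checks a PEM certificate against the version, SubjectAlternativeName and ExtendedKeyUsage guidelines above before it is loaded as the LDevID. The names check_ldevid and sample_pem, the constructed sample certificate skeleton, the placeholder hwType and the numeric arc used for id-kp-fan-device are assumptions of this example; it does not verify signatures or the certificate chain.

```python
import base64

# DER-encoded OID contents. The id-kp-fan-device arc (1.3.6.1.4.1.45605.1) is an
# assumption of this example; confirm it against the device's own IDevID.
OID_SAN, OID_EKU, OID_HW_MODULE = map(bytes.fromhex, ("551d11", "551d25", "2b06010505070804"))
REQUIRED_EKU = {"id-kp-fan-device": bytes.fromhex("2b0601040182e42501"),
                "id-kp-clientAuth": bytes.fromhex("2b06010505070302")}

def tlvs(buf):
    """Yield (tag, content) for each DER element in buf."""
    i = 0
    while i < len(buf):
        tag, n, i = buf[i], buf[i + 1], i + 2
        if n & 0x80:  # long-form length: low 7 bits give the byte count
            n, i = int.from_bytes(buf[i:i + (n & 0x7F)], "big"), i + (n & 0x7F)
        yield tag, buf[i:i + n]
        i += n

def inner(buf):
    return next(tlvs(buf), (0, b""))[1]  # content of the first element, or b""

def check_ldevid(pem):
    """Return the list of guideline violations found in a PEM certificate."""
    b64 = "".join(l for l in pem.splitlines() if not l.startswith("-----"))
    tbs = list(tlvs(inner(inner(base64.b64decode(b64)))))  # TBSCertificate fields
    ext_block = b"".join(v for t, v in tbs if t == 0xA3)  # [3] EXPLICIT Extensions
    fields = [[c for _, c in tlvs(e)] for _, e in tlvs(inner(ext_block))]
    exts = {f[0]: (len(f) == 3 and f[1] == b"\xff", f[-1]) for f in fields}
    critical, san = exts.get(OID_SAN, (False, b""))
    has_hw = any(t == 0xA0 and inner(c) == OID_HW_MODULE for t, c in tlvs(inner(san)))
    ekus = {c for _, c in tlvs(inner(exts.get(OID_EKU, (False, b""))[1]))}
    checks = [(tbs[:1] == [(0xA0, b"\x02\x01\x02")], "version is not X.509 v3"),
              (has_hw, "SAN lacks otherName id-on-hardwareModuleName"),
              (critical, "SAN is not marked critical")]
    checks += [(o in ekus, "EKU lacks " + n) for n, o in REQUIRED_EKU.items()]
    return [msg for ok, msg in checks if not ok]

def tlv(tag, *parts):  # one DER element, short-form length (sample stays under 128 bytes)
    return bytes([tag, len(b"".join(parts))]) + b"".join(parts)

def sample_pem(critical=True, ekus=tuple(REQUIRED_EKU.values())):
    """Constructed skeleton (v3, serial 1, empty dummy fields and signature), not a real cert."""
    hw = tlv(0x30, tlv(0x06, bytes.fromhex("2b06010401ffff7f01")), tlv(0x04, b"SN0001"))
    san = tlv(0x30, tlv(0x06, OID_SAN), tlv(0x01, b"\xff") if critical else b"",
              tlv(0x04, tlv(0x30, tlv(0xA0, tlv(0x06, OID_HW_MODULE), tlv(0xA0, hw)))))
    eku = tlv(0x30, tlv(0x06, OID_EKU), tlv(0x04, tlv(0x30, *(tlv(0x06, o) for o in ekus))))
    tbs = tlv(0x30, bytes.fromhex("a003020102020101" + "3000" * 5), tlv(0xA3, tlv(0x30, san, eku)))
    b64 = base64.b64encode(tlv(0x30, tbs, tlv(0x30), tlv(0x03, b"\x00"))).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"
```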