By default, the XBee Hive for Wi-SUN and XBee for Wi-SUN are provisioned at the factory with a unique IEEE 802.1AR Initial Device Identifier (IDevID). This identifier is used to authenticate devices during secure onboarding to the Wi-SUN network.
In some environments, it may be necessary to override the IDevID with a Local Device Identifier (LDevID) that uses custom certificate credentials.
|
When an LDevID is configured, it replaces the IDevID as the credential used during Wi-SUN network authentication. Devices without a valid LDevID will continue using the factory-installed IDevID unless explicitly disabled. |
Override the IDevID with an LDevID
Overriding the IDevID allows network administrators to replace the factory-issued certificate with a locally issued one that aligns with organizational or regulatory requirements.
Common use cases include:
-
Integrating with a private Public Key Infrastructure (PKI).
-
Aligning with enterprise certificate authority (CA) hierarchies.
-
Complying with region-specific or industry security standards.
-
Supporting RADIUS, EAP-TLS, or other enterprise authentication systems.
-
Enabling secure mesh join without relying on the Border Router’s allowlist.
Configure an LDevID
Follow the instructions based on your device type to install a custom certificate and configure an LDevID:
These guides explain how to:
-
Load your own device identity certificate.
-
Manage the trusted root CA store.
-
Deploy the certificate securely to production devices.
