Home/Support/Support Forum/Example for creating self-signed certificates for Xbee3 Cellular?

Example for creating self-signed certificates for Xbee3 Cellular?

+1 vote
We're trying to test mutual TLS authentication with the XBee3 Cellular modules (both the CAT1 and the LTE-M), and we're starting out with self-signed certificates for both the server and client certificates for our test server. We're having authentication issues and we believe one issue that we don't know the correct way to create self-signed certificates using openssl.

Does anyone have an example of how to use openssl to create a self-signed server certificate and client certificates that will work with the Xbee Cellular modems?
asked May 9 in XBee Cellular by bevenson New to the Community (9 points)

Please log in or register to answer this question.

1 Answer

+1 vote
The only limitation on the Xbee Cellular platforms are only one certificate is allowed per file. Details: https://www.digi.com/resources/documentation/digidocs/90001525/default.htm#reference/r_tls_cert_limits.htm%3FTocPath%3DTransport%2520Layer%2520Security%2520(TLS)%7C_____5

The RSA PKCS#1 format is the only common format across XBee Cellular device variants. You can identify a PKCS#1 key file by the presence of BEGIN RSA PRIVATE KEY in the file header.

If you search the internet for how to use openssl, you should have success on the XBee Cellular products. Example:
https://blog.cloudboost.io/implementing-mutual-ssl-authentication-fc20ab2392b3

Also make sure you have configured the device correctly.
Set AT$0 appropriately:
https://www.digi.com/resources/documentation/digidocs/90001525/default.htm#reference/r_cmd__0.htm%3FTocPath%3DAT%2520commands%7CNetwork%2520commands%7C_____3

Make sure the cert files are on the device where you specify.

The docs have everything documented you need to complete your task.
answered May 10 by DigiFan23 Seasoned Professional (193 points)
There's one detail related to creating the certificates that I can't find related to the XBee3 cellular modules.  When creating the keys, can the keys for the client certificate be created with a password or not?  I can't find anywhere a place that specifically states if either way will work or not.
You will not use a password. The XBee device will encrypt the private key appropriately when you upload it as a secure file. You can Upload private keys securely with `ATFS XPUT filename` (Or there is an option in XCTU file manager).
Make sure that the files are in the cert directory.
The Docs here describe that process:
https://www.digi.com/resources/documentation/digidocs/90001525/default.htm#reference/r_tls_at_cmds.htm?Highlight=%22Upload%20private%20keys%20securely%20with%22
...