Example for creating self-signed certificates for Xbee3 Cellular?

We’re trying to test mutual TLS authentication with the XBee3 Cellular modules (both the CAT1 and the LTE-M), and we’re starting out with self-signed certificates for both the server and client certificates for our test server. We’re having authentication issues and we believe one issue that we don’t know the correct way to create self-signed certificates using openssl.

Does anyone have an example of how to use openssl to create a self-signed server certificate and client certificates that will work with the Xbee Cellular modems?

1 Like

The only limitation on the Xbee Cellular platforms are only one certificate is allowed per file. Details: https://www.digi.com/resources/documentation/digidocs/90001525/default.htm#reference/r_tls_cert_limits.htm%3FTocPath%3DTransport%2520Layer%2520Security%2520(TLS)|_____5

The RSA PKCS#1 format is the only common format across XBee Cellular device variants. You can identify a PKCS#1 key file by the presence of BEGIN RSA PRIVATE KEY in the file header.

If you search the internet for how to use openssl, you should have success on the XBee Cellular products. Example:

Also make sure you have configured the device correctly.
Set AT$0 appropriately:

Make sure the cert files are on the device where you specify.

The docs have everything documented you need to complete your task.

1 Like

There’s one detail related to creating the certificates that I can’t find related to the XBee3 cellular modules. When creating the keys, can the keys for the client certificate be created with a password or not? I can’t find anywhere a place that specifically states if either way will work or not.

You will not use a password. The XBee device will encrypt the private key appropriately when you upload it as a secure file. You can Upload private keys securely with ATFS XPUT filename (Or there is an option in XCTU file manager).
Make sure that the files are in the cert directory.
The Docs here describe that process: