SE Certificate implementation

We are currently using your Xbee PRO modules and will shortly be upgrading them to SE firmware.

Do you have an example of how to access the test certificate (assuming it has been loaded into the firmware already) to create the associated link keys?

a Step be step example would be good.

We have access to the test certificates supplied by Certicom.

A Certificate consists of 4 keys, only three of which need to be serially installed on an XBee. The Device Public Key is not needed. Here is an example test certificate, for MAC address 0013A200404C15A4.

CA Public Key: 0200fde8a7f3d1084224962a4e7c54e69ac3f04da6b8
Device Implicit Cert: 03061958d95eaf5477be7c89a94a85aabbb08cdd3d0b0013a200404c15a4544553545345434101090010000000000000
Device Private Key: 03ea7f821cd85f0d4f6a782b2e6994df1cc48be8fd
Device Public Key: 030149359f204a4e010835d69baaddfcd857d395d647

There are three AT commands which are used for installing Certificate keys.
ZU - 22 byte public key (CA Public key)
ZT - 48 byte implicit device certificate (Device Implicit Cert)
ZV - 21 byte private key (Device private key)

Convert the AT commands and their parameters into AT command API packets.

The ZU command with the CA public key parameter:
7E 00 1A 08 01 5A 55 02 00 FD E8 A7 F3 D1 08 42 24 96 2A 4E 7C 54 E6 9A C3 F0 4D A6 B8 CB

The ZT command with the Device Implicit Cert parameter:
7E 00 34 08 01 5A 54 03 06 19 58 D9 5E AF 54 77 BE 7C 89 A9 4A 85 AA BB B0 8C DD 3D 0B 00 13 A2
00 40 4C 15 A4 54 45 53 54 53 45 43 41 01 09 00 10 00 00 00 00 00 00 AC

The ZV command with the Device Private Key parameter:
7E 00 19 08 01 5A 56 03 EA 7F 82 1C D8 5F 0D 4F 6A 78 2B 2E 69 94 DF 1C C4 8B E8 FD 42

With XCTU (or other means) write the packets to the serial port of the target XBee.

Send a write command (WR) to commit the certificate to non-volatile memory.
7E 00 04 08 01 77 72 0D

Send a verify certificate (VC) command to verify the presence of a certificate. A returned parameter of ‘1’ indicates a certificate is present, a ‘0’ indicates it is not.
7E 00 04 08 01 56 43 5D

To remove or clear a certificate, prepare AT command API packets using keys filled with zeroes.

Thank you for a speedy and concise reply. I will give it a go.



Ok, I have successfully installed the test certificates.
In your examples you reference a number of AT commands, ZU, ZT, ZV etc. There is also reference to EO in appdx D od doc 90033931_A.pdf.

Where is the documentation for these commands.

Also, I assume with certificates now installed, I no longer need to pre configure link keys with the KY command?

I assume if I initiate the EO command, all key generation and link establishment will be handled by the stack?



Further to the above…

I have, as I said installed the certificates. I then set EO 8 on the router, tried to get it to join, but no success.

What else do I need to check/do?



More on above…
Monitoring the API messages on the router I am getting the following back…

ZNET_EXPLICIT_RX_RESPONSE (0x91),length=24,checksum=0x1f,error=false,
remoteAddress64=0x00 0x13 0xa2 0x00 0x40 0x54 0x20 0xff,
remoteAddress16=0x00 0x00,
option=PACKET_ACKNOWLEDGED,data=0x01 0x00 0x00 0x00 0x01 0x5e,

Is this saying I am getting a match_descript_rsp error?




How are you programming device after burning firmware ?

I was wondering if there is any soluition like this

But, the above library only supports ZigBee and not SE.

Any response would be highly appreciated.


Hello Krishna,
I’m new with xbee and SEP. I find that I may do the similar things with you, in your Network the smart energy, is there standard xbee module? If so, did you demand certificate and install successfully?