Custom Certificates#
CPMS allows you to customize the device identity certificate chain. Certificates use the X.509 format and must conform to RFC 3280. For an example of a Silicon Labs device certificate, see Authenticating Silicon Labs Devices Using Device Certificates.
Certificate Storage on Series 2 and Series 3 Devices#
Certificate storage locations vary by device security type.
Device Security Level | Certificate Location | Customization Support | Availability |
|---|---|---|---|
Series 2 Secure Vault High (HSE) | Both certificates stored in SE OTP | Device certificate can be customized | Programmed by default |
Series 2 Secure Vault Mid (VSE and HSE) | Both certificates injected into device flash (user-specified address) | Custom certificates supported through CPMS | Available through CPMS certificate injection |
Series 3 Secure Vault (SixG301) | Both certificates injected into device flash (user-specified address) | Custom device certificates supported through CPMS | Available through CPMS certificate injection |
Note: For devices that use flash-based certificate storage, you specify the storage address during CPMS configuration.
Currently, CPMS supports customization of the following device certificate fields:
Common Name: User-defined name of up to 30 characters. The value is appended with the device 64-bit EUI (for example,
EUI:xxxxxxxxxxxxxxxx) and ends with eitherS:SE0 ID:MCUorS:FL0 ID:MCU, depending on the device security type.Organization: User-defined company name of up to 64 characters.
Country: Valid two-letter country code (for example,
US).Organizational Unit: User-defined value of up to 64 characters.
If you require additional certificate customizations, specify them in the Special Instructions section of CPMS.
