Certificate File Modification#

Combined Certificate File#

If you intend to install both certificates onto a device, you may combine the contents of the certificate files into a single file.

Note: This portion of the process is subject to change if Certicom's certificate generation web page alters its output format. Silicon Labs is working with Certicom in the hope of achieving a more consistent output format in the future, one which would require less manual editing before programming.

ECC 163k1 Curve#

At the beginning of this process, the certificate text file you created in the previous step should look something like this (with different hex numbers in the fields):

CA Pub Key: 0200fde8a7f3d1084224962a4e7c54e69ac3f04da6b8
Device Implicit Cert: 02040e92886475999701a626a75be9cfb9ccb0ee7481
000d6f000092e047544553545345434101091083d1bbd1bbd1bb
Device Private Key: 00ea5606dec9ec8f85a5f53405b67b2988b74bcd73
Device Public Key: 0202f25c9e4aaf910d6bbc16f444715d39962e3a5500

  1. Remove "Device Public Key" line from the certificate text file, as our tools do not use it.

  2. Remove extra line breaks in the hex string following "Device Implicit Cert:" so that all characters are on one line.

  3. Change "CA Pub Key" to "CA Public Key"

  4. Make sure that only a single blank space is between the ":" and the hex string of each line (no tabs or extra white space).

  5. Remove the extra blank space at the end of each line before the line return.

At the end of the process, the certificate text file should look like the following, with the Device Implicit Cert line on a single line:

CA Public Key: 0200fde8a7f3d1084224962a4e7c54e69ac3f04da6b8
Device Implicit Cert:
02040e92886475999701a626a75be9cfb9ccb0ee7481000d6f000092e047544553545345434101091083d1bbd1bbd1bb
Device Private Key: 00ea5606dec9ec8f85a5f53405b67b2988b74bcd73

ECC 283k1 Curve#

At the beginning of this process, the certificate text file you created in the previous step should look something like this (with different hex numbers in the fields):

CA Pub Key: 0207a445022d9f39f49bdc38380026a27a9e0a1799313ab28c5c1a1c6b605154db1dff6752
Device Implicit Cert:
00e4d6197cf4b7b87e0d081112131415161718005320b5f6ffffffff000000000000000900
0200849946d913e09111970ff24bac05605fecaf258dfc1c586de5690de8b8d11b393a1b69
Device Private Key: 01817e7b640c0833c3daa12cf57284e959551455246a0cbcf876955c4492a0416350255d
Device Public Key: 02064af594acdee3c5cc41086c3f72f5b3ef6197cee9726e98d78227b4e0401cf08df0781d

  1. Remove "Device Public Key" line from the certificate text file, as our tools do not use it.

  2. Remove extra line breaks in the hex string following "Device Implicit Cert:" so that all characters are on one line.

  3. Change "CA Pub Key" to "CA Public Key (283k1)".

  4. Change "Device Implicit Cert" to "Device Implicit Cert (283k1)".

  5. Change "Device Private Key" to "Device Private Key (283k1)".

  6. Make sure that only a single blank space is between the ":" and the hex string of each line (no tabs or extra white space).

  7. Remove the extra blank space at the end of each line before the line return.

CA Public Key (283k1): 0207a445022d9f39f49bdc38380026a27a9e0a1799313ab28c5c1a1c6b605154db1dff6752
Device Implicit Cert (283k1):
00e4d6197cf4b7b87e0d081112131415161718005320b5f6ffffffff0000000000000009000200849946d913e09111970ff24bac05605fecaf258dfc1c586de5690de8b8d11b393a1b69
Device Private Key (283k1):
01817e7b640c0833c3daa12cf57284e959551455246a0cbcf876955c4492a0416350255d

Certificate Programming#

  1. Ensure that Simplicity Commander (version 0.15 or higher) is installed.

  2. Change to the directory where the certificate text file is stored.

  3. Determine the serial number or IP address of the target node’s WSTK main board. This is visible from on the device’s LCD display or can be determined by using the following command and selecting the node of interest from the pop-up window:

    commander adapter probe

  4. Run either of the following command to apply the certificate (shown for Serial Number 440056147 and IP address 192.168.0.1 and certificate filename cert_001.txt):

    commander flash –-tokengroup znet –-tokenfile cert_001.txt -–serialno 440056147
commander flash –-tokengroup znet –-tokenfile cert_001.txt –-ip 192.168.0.1

  5. Run either of the following commands to verify the certificate data:

    commander tokendump –-tokengroup znet -–serialno 440056147
commander tokendump –-tokengroup znet –-ip 192.168.0.1