Certificate File Types

These file types conform to the Common File Structure format. The File Payload of these files contain a certificate in PEM format.

Certificates must be loaded into the device in the order of trust starting with the root CA, next intermediate CA(s) and ending with the leaf (server or client for example) so that the device can verify the signature of each certificate. If the certificates are not loaded in order, they will be rejected.

When loading a server cert, the associated key pair must already exist in the device as the CSR keys or as the existing server or client cert and will be used to verify that the public key contained in the certificate is correct. If the keys don’t match the certificate will be rejected. If the certificate is associated with the CSR keys, the CSR keys will be associated with the certificate and will no longer be available for other certificates until re-generated.

Initial server or client certificates can not be loaded until the respective CSR keys and CSR is generated. To generate a CSR see Command 0xEF03 – Generate CSR (WLAN Only).