====Smart Energy 证书管理====
ZigBee Smart Energy网络中的所有设备都必须安装一个证书，它用来鉴权该设备并允许它加入以及在网络内通信。 一个证书必须有CA机构发行，每个证书和设备的64位地址绑定。当前CA发行有两种证书。生产型证书在实际的Smart Energy应用环境中使用。测试证书也可以由CA发行，并且和生产型证书完全相同。但一个设备配置有测试证书不能保证安全加入生产型网络和安全地通信。测试证书通常在开发和测试阶段使用，比如同正在开发测试的原型机通信，而不应该在实际部署环境中使用。

**X2e Smart Energy网关中的证书**

所有的Digi ConnectPort X2e SE网关已经被认证被配有一个生产型的证书。允许它快速加入或创建一个实际部署的SE网络。在开发测试过程中一个测试证书可能会被安装，网关原来的生产型证书可以在任意时间复位，只需移除测试证书。

Digi Smart Energy的网页工具提供一个非常简单的用户接口来请求或烧入证书到网关中。请参考[[https://digi-se.appspot.com/edocs/appendices/digi-se/certificates.html#digi-se-certificates|Digi SE Certificates]]这一章节（在Appspot上，需翻墙）

**标准SE模块上的证书**

标准XBee模块被没作为一个具体的Smart energy设备，所以不能在一个大型的系统中直接被鉴权。所以它不能预配置一个生产证书。为了让XBee模块加入SE网络并安全地通信，需首先获取一个测试证书并安装。

**获取测试证书**
最简单的方法来获取一个测试证书是使用[[https://digi-se.appspot.com/edocs/appendices/digi-se/certificates.html#digi-se-certificates|Digi SE Certificates]]。您需要有设备云帐户和Certicom帐户来使用这个工具。

**Determining EUI of a ConnectPort X2e for Smart Energy**
The EUI of a Smart Energy gateway’s XBee radio may be determined in several ways depending on available access.

Through the Device Cloud portal, launch the Device Manager. Once the Device Manager has loaded, double-click on your device and select Diagnostics under System Information. The EUI will be displayed as gateway_addr under Mesh Network Information.

The get_zigbee_network_status RPC command will return the EUI of the gateway’s XBee, among other information.:

<get_zigbee_network_status/>

**Determining EUI of a Standalone XBee Module**

The EUI of a standalone XBee module serially attached to your computer can be obtained in the following ways.

Run the In-Premise Display/Meter Simulator sample on page 33 and open the serial port associated with the XBee. Once opened the XBee’s EUI will be displayed under XBee Settings.
Run X-CTU (see Resources on page 7), and open the serial port associated with the XBee. Once the serial port has been opened and communication established click the Modem Configuration tab and then the Read button under Modem Parameters and Firmware. Once all modem parameters are read the high 32-bits of EUI are listed as SH - Serial Number High and the low 32-bits are listed as SL - Serial Number Low, both under the Addressing subfolder.

**Installing Certificates**

Certificates obtained from Certicom should have the following format where ######## will be a long hexadecimal number for each entry.

CA Public Key: ########
Device Implicit Cert: ########
Device Private Key: ########
Device Public Key: ########
To install certificates onto either the ConnectPort X2e for Smart Energy or a standalone XBee an AT command must be sent to configure the CA Public KEY (ZU), Device Implicit Cert (ZT), and Device Private Key (ZV). Be careful to avoid having any leading or trailing whitespace when copying these values.

**Installing Certificates on the ConnectPort X2e for Smart Energy**

Use the xbee_AT RPC command to install a certificate. After installing a certificate, the XBee should be made to reform or leave its current network, depending on whether the XBee is a coordinator or router. This is because it would not make sense to remain on the current network with a changed certificate.

Execute the following RPC commands in this order:

1. Configure CA Public Key

<xbee_AT>
        <command type="string">ZU</command>
        <value type="base16">########</value>
</xbee_AT>
2. Configure Device Implicit Cert

<xbee_AT>
        <command type="string">ZT</command>
        <value type="base16">########</value>
</xbee_AT>
3. Configure Device Private Key

<xbee_AT>
        <command type="string">ZV</command>
        <value type="base16">########</value>
</xbee_AT>
4. Write settings to non-volatile flash

<xbee_AT>
        <command type="string">WR</command>
</xbee_AT>
5. Restart the XBee’s firmware

<xbee_AT>
        <command type="string">FR</command>
</xbee_AT>
6. Have the XBee leave or reform its current network

<leave_network/>

**Installing Certificates on a Standalone XBee Module**

The easiest method to install a certificate on a Standalone XBee Module is using the Digi-SE Certificates.

If this is not possible X-CTU may also be used to send the necessary AT commands. However, X-CTU does not provide direct support for the certificate AT commands. The command packets must be manually created, entered into the Terminal tab, and sent to the XBee. (For downloading the X-CTU see Downloads and for accessing the XBee SE Manual see the Online Documentation)

**Reverting/Unininstalling Certificates**

Certificates may be removed from either the ConnectPort X2e for Smart Energy or a standalone XBee. Follow instructions in the appropriate section for installing a certificate except with a value of 0 for the ZU (CA Public Key), ZV (Device Implicit Cert), and ZT (Device Private Key) commands.

A ConnectPort X2e for Smart Energy will revert to its original production certificate when this procedure is followed.

**Production Certificates and Modifications**

The ConnectPort X2e for Smart Energy underwent official testing through National Technical Systems (NTS) for Smart Energy certification to allow installation of production certificates. The ZigBee Smart Energy Test Specification and other ZigBee documents provide a set of guidelines for what hardware and/or software changes may require recertification. When making any modifications reference these documents and determine if recertification may be required. Digi International may be able to provide support for recertification. Contact your Sales Representative for more details.