Location Scanning API - Untrusted Server Certificate

Solved
Gwangjin
Here to help

Location Scanning API - Untrusted Server Certificate

Hi guys!!

 

 

I'm going to test the Location Scanning API.

So I prepared an HTTPS server.
But an error is occurring as shown in the picture below.

- Untrusted Server Certificate - Please ensure you are using a certificate signed by a valid Certificate Authority(CA)

error_scanning_api.jpg

 

 

 

 

 

 

 

 

 

 

 

 

I don't think there's a problem with the certificate.

 

cert.jpg


Please, let me know what can I do.

 

Thanks in Advance.

1 Accepted Solution
CN
Meraki Alumni (Retired)
Meraki Alumni (Retired)

@Gwangjin just curious are you including the full certificate chain on your server? You'll need to include the full certificate in order for dashboard to connect successfully. You might want to test it with SSL Test to see if any problems are detected with the certificate. If everything checks out then I would definitely agree with @CptnCrnch and reach out to support.

 

This previous thread might be helpful. 

View solution in original post

9 Replies 9
CptnCrnch
Kind of a big deal
Kind of a big deal

Educated guess: Meraki doesn't trust Sectico certs / at least it seems that they don't have its Pubkey.

 

Your best option would be calling support.

CN
Meraki Alumni (Retired)
Meraki Alumni (Retired)

@Gwangjin just curious are you including the full certificate chain on your server? You'll need to include the full certificate in order for dashboard to connect successfully. You might want to test it with SSL Test to see if any problems are detected with the certificate. If everything checks out then I would definitely agree with @CptnCrnch and reach out to support.

 

This previous thread might be helpful. 

Gwangjin
Here to help

I solved the problem with your help.
Thank you very much.

 

solved) Import CA certificate to keystore.

Ammar-Tanveer01
Conversationalist

I am facing the same issue. The server where we have installed the certificate is linux machine and the CA is Entrust Certfication Authority. I am not sure the issue is with CA whihc is not recognised by Meraki or there is anything else????

 

When we open the website, the Certificate information and status is OK but once we validate it throws the error.

 

Failed to validate with status code: 400, error message:Untrusted Server Certificate – Please ensure you are using a certificate signed by a valid Certificate Authority (CA).

 

Need very urgent support.

 

Gwangjin
Here to help

The keystore used by WAS must include CA certificates.
I will share how to make a keystore that I used.

 


(Create keystore file)
1. Create a keystore in PKCS12 format with CA certificates.
    keytool -importcert -keystore [keystore file name] -storepass [password] -storetype PKCS12 -alias rootca -file [Root CA Certification]
    keytool -importcert -keystore [keystore file name] -storepass [password] -storetype PKCS12 -alias root -file [CA Certification]

2. Convert the SSL certificate to PKCS12 format.
    openssl pkcs12 -export -in [public key file] -inkey [private key file] -out [cert file name] -name [Any Name]

3. Import certificate in PKCS12 format to keystore
    keytool -importkeystore -deststorepass [password] -destkeypass [password] -destkeystore [keystore file name] -srckeystore [cert file name] -srcstoretype PKCS12 -srcstorepass [password] -alias [Any Name]

 


ex)
   [Certification]
   RootCA : USERTrustRSAAddTrustCA.der
   CA : SectigoRSADomainValidationSecureServerCA.der
   Public Key : public.key
   Private Key : private.key

 

   [Command]
   keytool -importcert -keystore keystore.jks -storepass Password1! -storetype PKCS12 -alias rootca -file USERTrustRSAAddTrustCA.der
   keytool -importcert -keystore keystore.jks -storepass Password1! -storetype PKCS12 -alias root -file SectigoRSADomainValidationSecureServerCA.der

   openssl pkcs12 -export -in public.key -inkey private.key -out mscanning.p12 -name mscanning12

 

   keytool -importkeystore -deststorepass Password1! -destkeypass Password1! -destkeystore keystore.jks -srckeystore mscanning.p12 -srcstoretype PKCS12 -srcstorepass Password1! -alias mscannings

Ammar-Tanveer01
Conversationalist

CA Issue Meraki1.JPG

Ammar-Tanveer01
Conversationalist

@GwangjinThank you for your response.

Just want to know when you encountered the issue, the URL was showing any certificate error? example, were you able to see the valid certificate issue on Website?

 

Also, the solution you shared is for linux? We are using CentOS.

Gwangjin
Here to help

I used Tomcat as WAS (Web Application Server).
This is not affected by the OS.

 

So, I have some questions.
Q1. What does your WAS use?
      - SSL settings may vary depending on WAS.
Q2. Does your keystore contain all certificates (CA)?
Q3. Can you send your keystore (with your password)?
Q4. Can you show me the error screen from the Meraki dashboard?

 

I hope your problem will be solved soon.

maollano
New here

Hi

has someone managed to solve? The exact same thing happens to me and I have not been able to solve it

Regards

 

"Failed to validate with status code: 400, error message:
Untrusted Server Certificate – Please ensure you are using a certificate signed by a valid Certificate Authority (CA)"

 

The certificate is issued by ZeroSSL

 

Regards

Get notified when there are additional replies to this discussion.