Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

SSL certificate for Meraki Dashboard API

Solved
Yuriy
Here to help
‎Mar 30 2023 10:33 AM
‎Mar 30 2023 10:33 AM

SSL certificate for Meraki Dashboard API

Hi Community,

 

Is it possible to configure and use some custom or non-default SSL certificate for Meraki Dashboard API?

 

What is default certificate revocation policy, can it be changed per organization? 

 

Thanks in advance,

Yuriy

0 Kudos
Subscribe
1 Accepted Solution
RomanMD
Building a reputation
‎Mar 30 2023 11:16 AM
‎Mar 30 2023 11:16 AM

I don't really understand the question but if I'll answer it as I understand then - No!

 

Meraki API backend is managed by Cisco and Cisco controls the certificate. There are no security reasons why one would want to use a custom certificate!

 

Can you provide more context around the question? 

View solution in original post

Subscribe
5 Replies 5
RomanMD
Building a reputation
‎Mar 30 2023 11:16 AM
‎Mar 30 2023 11:16 AM

I don't really understand the question but if I'll answer it as I understand then - No!

 

Meraki API backend is managed by Cisco and Cisco controls the certificate. There are no security reasons why one would want to use a custom certificate!

 

Can you provide more context around the question? 

Subscribe
In response to RomanMD
Yuriy
Here to help
‎Mar 31 2023 4:17 AM
‎Mar 31 2023 4:17 AM

Thanks for answer!

 

In short we have the tool which utilize Meraki API and is configured to perform online revocation check.

 

For some users it works and for others it fails with error during revocation check. Here is what we have in request header: 

  • Chain.Status: RevocationStatusUnknown,OfflineRevocation

Maybe it is something on Windows policies configuration side, not sure.

 

0 Kudos
Subscribe
In response to Yuriy
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Mar 31 2023 12:07 PM
‎Mar 31 2023 12:07 PM

For the case that fails see which CA is being used (check the issuer field).  The CA certificate will already be installed on your device as a trusted root CA.

Then get CRL field out of the CA certificate from your machine, and then try and request that URL directly to see what happens.

 

It sounds like the retrieval process is experiencing errors.

Subscribe
In response to PhilipDAth
Yuriy
Here to help
‎Apr 3 2023 2:59 AM
‎Apr 3 2023 2:59 AM

Thank you, I'll dig in that direction then!

0 Kudos
Subscribe
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Mar 30 2023 12:28 PM
‎Mar 30 2023 12:28 PM

+1 to @RomanMD .  If you were worried about a man-in-the-middle attack or something (maybe a firewall doing SSL inspection), you could check the certificate issuer and CN are who you expect it to be.

Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
© 2024 Cisco Systems, Inc.