SSL certificate for Meraki Dashboard API

Solved
Yuriy
Here to help

SSL certificate for Meraki Dashboard API

Hi Community,

 

Is it possible to configure and use some custom or non-default SSL certificate for Meraki Dashboard API?

 

What is default certificate revocation policy, can it be changed per organization? 

 

Thanks in advance,

Yuriy

1 Accepted Solution
RomanMD
Building a reputation

I don't really understand the question but if I'll answer it as I understand then - No!

 

Meraki API backend is managed by Cisco and Cisco controls the certificate. There are no security reasons why one would want to use a custom certificate!

 

Can you provide more context around the question? 

View solution in original post

5 Replies 5
RomanMD
Building a reputation

I don't really understand the question but if I'll answer it as I understand then - No!

 

Meraki API backend is managed by Cisco and Cisco controls the certificate. There are no security reasons why one would want to use a custom certificate!

 

Can you provide more context around the question? 

Yuriy
Here to help

Thanks for answer!

 

In short we have the tool which utilize Meraki API and is configured to perform online revocation check.

 

For some users it works and for others it fails with error during revocation check. Here is what we have in request header: 

  • Chain.Status: RevocationStatusUnknown,OfflineRevocation

Maybe it is something on Windows policies configuration side, not sure.

 

PhilipDAth
Kind of a big deal
Kind of a big deal

For the case that fails see which CA is being used (check the issuer field).  The CA certificate will already be installed on your device as a trusted root CA.

Then get CRL field out of the CA certificate from your machine, and then try and request that URL directly to see what happens.

 

It sounds like the retrieval process is experiencing errors.

Yuriy
Here to help

Thank you, I'll dig in that direction then!

PhilipDAth
Kind of a big deal
Kind of a big deal

+1 to @RomanMD .  If you were worried about a man-in-the-middle attack or something (maybe a firewall doing SSL inspection), you could check the certificate issuer and CN are who you expect it to be.

Get notified when there are additional replies to this discussion.