Meraki

Community

SSL certificate for Meraki Dashboard API

Solved
Yuriy
Here to help
‎Mar 30 2023 10:33 AM
‎Mar 30 2023 10:33 AM

SSL certificate for Meraki Dashboard API

Hi Community,

 

Is it possible to configure and use some custom or non-default SSL certificate for Meraki Dashboard API?

 

What is default certificate revocation policy, can it be changed per organization? 

 

Thanks in advance,

Yuriy

0 Kudos
1 Accepted Solution
RomanMD
Building a reputation
‎Mar 30 2023 11:16 AM
‎Mar 30 2023 11:16 AM

I don't really understand the question but if I'll answer it as I understand then - No!

 

Meraki API backend is managed by Cisco and Cisco controls the certificate. There are no security reasons why one would want to use a custom certificate!

 

Can you provide more context around the question? 

View solution in original post

5 Replies 5
RomanMD
Building a reputation
‎Mar 30 2023 11:16 AM
‎Mar 30 2023 11:16 AM

I don't really understand the question but if I'll answer it as I understand then - No!

 

Meraki API backend is managed by Cisco and Cisco controls the certificate. There are no security reasons why one would want to use a custom certificate!

 

Can you provide more context around the question? 

In response to RomanMD
Yuriy
Here to help
‎Mar 31 2023 4:17 AM
‎Mar 31 2023 4:17 AM

Thanks for answer!

 

In short we have the tool which utilize Meraki API and is configured to perform online revocation check.

 

For some users it works and for others it fails with error during revocation check. Here is what we have in request header: 

  • Chain.Status: RevocationStatusUnknown,OfflineRevocation

Maybe it is something on Windows policies configuration side, not sure.

 

0 Kudos
In response to Yuriy
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Mar 31 2023 12:07 PM
‎Mar 31 2023 12:07 PM

For the case that fails see which CA is being used (check the issuer field).  The CA certificate will already be installed on your device as a trusted root CA.

Then get CRL field out of the CA certificate from your machine, and then try and request that URL directly to see what happens.

 

It sounds like the retrieval process is experiencing errors.

In response to PhilipDAth
Yuriy
Here to help
‎Apr 3 2023 2:59 AM
‎Apr 3 2023 2:59 AM

Thank you, I'll dig in that direction then!

0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Mar 30 2023 12:28 PM
‎Mar 30 2023 12:28 PM

+1 to @RomanMD .  If you were worried about a man-in-the-middle attack or something (maybe a firewall doing SSL inspection), you could check the certificate issuer and CN are who you expect it to be.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
© 2024 Cisco Systems, Inc.