https Webhook with self signed certificate

Solved
andershed
New here

https Webhook with self signed certificate

Hi, We have now been struggling for some hours trying to figure out the problem with receiving webhooks. We have it working with http but with https it keeps failing.

We have installed a Self signed certificate and it seems like that is the problem?

We have it working on another receiver with "CA-cert"

 

We have done some packet capture from both receivers and the one with Self-Signed (that fails) looks like this:

 

4 0.031803 209.206.xx.xx <our receiver ip> TLSv1.2 208 Client Hello
5 0.031823 <our receiver ip> 209.206.xx.xx TCP 66 443 → 48422 [ACK] Seq=1 Ack=143 Win=30080 Len=0 TSval=2168442384 TSecr=3587969089
6 0.034570 <our receiver ip> 209.206.xx.xx TLSv1.2 1907 Server Hello, Certificate, Server Key Exchange, Server Hello Done
7 0.065342 209.206.xx.xx <our receiver ip> TCP 66 48422 → 443 [ACK] Seq=143 Ack=1369 Win=32000 Len=0 TSval=3587969098 TSecr=2168442387
8 0.065371 209.206.xx.xx <our receiver ip> TCP 66 48422 → 443 [ACK] Seq=143 Ack=1842 Win=34816 Len=0 TSval=3587969098 TSecr=2168442387
9 0.117227 209.206.xx.xx <our receiver ip> TLSv1.2 73 Alert (Level: Fatal, Description: Certificate Unknown)

 

Is it possible to make it work with self signed cert?

 

regards

///A

 

 

 

1 Accepted Solution
BrechtSchamp
Kind of a big deal

I'm afraid there isn't. You'd have to be able to tell the Meraki servers to trust your specific self-signed certificate to keep things reasonably secure, which you can't at the moment. Without this Meraki would have to trust any certificate upon establishing the HTTPS connection which would be a big nono.

View solution in original post

1 Reply 1
BrechtSchamp
Kind of a big deal

I'm afraid there isn't. You'd have to be able to tell the Meraki servers to trust your specific self-signed certificate to keep things reasonably secure, which you can't at the moment. Without this Meraki would have to trust any certificate upon establishing the HTTPS connection which would be a big nono.
Get notified when there are additional replies to this discussion.