INFO: radius.meraki.com certificate renewal for Sentry WiFi

PaulF
Meraki Employee

INFO: radius.meraki.com certificate renewal for Sentry WiFi

Hello all.

 

As many of you may have received an email recently talking about the radius.meraki.com certificate renewal, I wanted to give a little more context, show a script you can use to do a survey of all of your devices and highlight devices which DON'T have the updated cert, and the implications of no action

 

Firstly, you may have received an email, or seen the banners in dashboard:

 

Screenshot 2023-01-20 at 10.09.41 AM.png

This takes you to this page: https://documentation.meraki.com/SM/Other_Topics/Meraki_Authentication_Server_Certificate_Rotation_-...

 

You've received this because you may be using Sentry: This is when you use certificates to authenticate onto an SSID on Meraki MR, the certificate being automatically generated for Systems Manager devices

 

So, how do you determine which devices need action?

 

I wrote a script, available here: 

 

 https://github.com/meraki/automation-scripts/tree/master/RadiusCertSurvey

 

There's two files:

 

RadiusCertSurvey.py

RadiuscertSurveyResults.csv

 

If you have already done so, you'll need to install the Meraki Python Library: Information here: https://pypi.org/project/meraki/

 

Once you've done that, you can run the script with:

 

python3 RadiusCertSurvey.py -k <yourapikey> -n <YourMerakiNetworkID>

 

 

(venv) RadiusCertSurvey % python3 RadiusCertSurvey.py -k REDACTED -n REDACTED   
Meraki Library version: 
1.27.0
Please enter the expected radius.meraki.com expiration date
in the format of YYYY-MM-DD : 2023-11-29

 

 

(there's a -v parameter you can use for Verbose mode that gives you details of every device)

 

When this runs, it will ask you for the expected radius.meraki.com certificate expiration date. As this is 2023-11-30, enter the day before, as shown above

 

This will generate a file that has, as an example, the following in:

 

***********************************************************************************************
🐻 iMac 27 serial : C02DDDDDDD
URL to device : https://n562.meraki.com/SM-Demo-systems-/n/REDACTED/manage/pcc/list#pn=68111111111
2020-08-13 2022-08-01 2023-02-08
bad news, no updated cert

***********************************************************************************************
🐻 Windows10VM serial : VMware-56 4d 63 49
URL to device : https://n562.meraki.com/SM-Demo-systems-/n/REDACTED/manage/pcc/list#pn=68222222222
2022-08-01
bad news, no updated cert

***********************************************************************************************
🐻 Cisco 840 serial : tcl2449005y
URL to device : https://n562.meraki.com/SM-Demo-systems-/n/REDACTED/manage/pcc/list#pn=68333333333
2022-08-01
bad news, no updated cert

***********************************************************************************************
🐻 Windows 10 Ent serial : VMware-56 4d e6 b4
URL to device : https://n562.meraki.com/SM-Demo-systems-/n/REDACTED/manage/pcc/list#pn=68444444444

bad news, no updated cert

 

You'll be able to open the links directly to the device in dashboard, allowing you to investigate

 

0 REPLIES 0
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels