SSL Certificates and Encryption between Meraki AP/Cloud

Eddiem
Conversationalist

SSL Certificates and Encryption between Meraki AP/Cloud

My partner wants to know what SSL/TLS version is used to protect the traffic from the Meraki AP to cloud controller. If it's TLS, how is the certificate managed in Meraki? Can the customer replace the cert with his own CA signed cert that uses SHA-2 instead of SHA-1?

4 Replies 4
PhilipDAth
Kind of a big deal
Kind of a big deal

I just did a packet capture on an MR42 starting up.

 

It negotiated a TLS1.2 connection.  The server it was talking to had a SHA-256 signature on its certificate.  I couldn't verify the client certificate.

 

You can not replace the burned in certificates installed in Meraki kit.  If you did - then they would fail to authenticate and get their configs.

Eddiem
Conversationalist

Thanks Phil, That really helps. I'd guess there is only a server cert in this flow of encrypting traffic between AP and controller.  If anyone on the community knows otherwise and there is a client cert on the AP, it would be good to know what signing hash algorithm was used on the AP client cert as well.   

PhilipDAth
Kind of a big deal
Kind of a big deal

There is a cert on the AP and that is used to authenticate with the cloud but I can't observe that portion of the communications as it is already encrypted.

Eddiem
Conversationalist

Ah, yes. It's more than encryption as the AP needs to authenticate and hence needs a client identity cert.  Okay, well let's see if anyone has visibility into what signing algorithm is used on the AP certificate. 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels