Meraki

Eddiem · ‎Sep 18 2017

My partner wants to know what SSL/TLS version is used to protect the traffic from the Meraki AP to cloud controller. If it's TLS, how is the certificate managed in Meraki? Can the customer replace the cert with his own CA signed cert that uses SHA-2 instead of SHA-1?

PhilipDAth · ‎Sep 18 2017

I just did a packet capture on an MR42 starting up.

It negotiated a TLS1.2 connection. The server it was talking to had a SHA-256 signature on its certificate. I couldn't verify the client certificate.

You can not replace the burned in certificates installed in Meraki kit. If you did - then they would fail to authenticate and get their configs.

Eddiem · ‎Sep 18 2017

Thanks Phil, That really helps. I'd guess there is only a server cert in this flow of encrypting traffic between AP and controller. If anyone on the community knows otherwise and there is a client cert on the AP, it would be good to know what signing hash algorithm was used on the AP client cert as well.

PhilipDAth · ‎Sep 18 2017

There is a cert on the AP and that is used to authenticate with the cloud but I can't observe that portion of the communications as it is already encrypted.

Eddiem · ‎Sep 18 2017

Ah, yes. It's more than encryption as the AP needs to authenticate and hence needs a client identity cert. Okay, well let's see if anyone has visibility into what signing algorithm is used on the AP certificate.

Meraki

Community

SSL Certificates and Encryption between Meraki AP/Cloud

SSL Certificates and Encryption between Meraki AP/Cloud