Hello,
Do you think it is possible to use a certificate from Zero SSL? I have applied a static IP on my MX, configured public DNS A record to resolve to my desired domain name, generated the CSR in Dashboard, pasted that into the feild where applicable for Zero SSL to generate my Cert. I get back the certificate and ca_bundle, but when I upload these I get error messages back and can't seem to get anywhere.
Anyone have a recommendation to get this working for a free or low-cost certificate? I like Zero SSL, but if I can't use them..
Error :
"
There were errors in uploading the certificates.
Unknown Error Failed verifying Device Cert with Cert Chain
"
I'd love to finally see this work so I can better help my customers move over to Anyconnect on MX.
Solved! Go to solution.
I took another crack at this and did successfully upload and save my certificate generated from www.zerossl.com this morning.
I used https://whatsmychaincert.com/ to generate the correct certificate chain and checked the box to include the root certificate.
This chain, with the ZEROSSL certificate was the winning combo. I did not use the ca_bundle.crt provided by ZERO SSL.
I will write up a tutorial on how I did this and share soon.
Cheers
Nope, SSL is required to keep user data secure, verify ownership of the website, prevent attackers from creating a fake version of the site, and convey trust to users. The chain of trust of a certificate chain is an ordered list of certificates, containing an end-user signer certificate and intermediate certificates (which represent the intermediate CA), which allows the recipient to verify that the sender and all intermediate certificates are trusted.
Also check it: https://letsencrypt.org/
Hi @alemabrahao, thanks for the reply. ZeroSSL is actually the name of the company I get my SSL certificate from.
I just don't know how to get the correct certificate chain as the bundle they provide doesn't seem to work for Meraki AutoVPN
https://zerossl.com/
Oh, I got it. I had never heard of them, but I thought it was interesting.
I had never heard of them either. So far I like them, fast and easy 90 day certificates. What's really neat to me is the API. Haven't tested it too much yet however.
FYI, as the answer in this thread ultimately alludes to, we require a self-signed root as part of the uploaded chain in addition to any intermediates required to validate the end-device certificate.
I took another crack at this and did successfully upload and save my certificate generated from www.zerossl.com this morning.
I used https://whatsmychaincert.com/ to generate the correct certificate chain and checked the box to include the root certificate.
This chain, with the ZEROSSL certificate was the winning combo. I did not use the ca_bundle.crt provided by ZERO SSL.
I will write up a tutorial on how I did this and share soon.
Cheers
Hi,
I'm trying to get this going with the zerossl cert however it's still not working, what steps did you take to get it going? I generated chain with the root cert through whatsmychaincert.com and still get the "
Hi,
Paste the contents of the issued cert (open in notepad for example) and check off include root.
If you didn't navigate away from the Meraki Dashboard page and still have the cert upload "popup" open, close the error message and try again.
So once you hit generate chain, do you upload what is downloaded to your machine? If so to what part on the client VPN setup: Upload Device Certificate as .cer in base64 ASCII format, .pem, or .crt or Upload CA certificate or chained certificate (combined CA and Intermediate certs) as .cer in base64 ASCII format, .pem, or .crt?