https://community.cisco.com/t5/network-platform-api/ssl-certificate-for-meraki-dashboard-api/m-p/5433818#M5462 <P>+1 to <A href="https://community.meraki.com/t5/user/viewprofilepage/user-id/40633">@RomanMD</A> . If you were worried about a man-in-the-middle attack or something (maybe a firewall doing SSL inspection), you could check the certificate issuer and CN are who you expect it to be.</P> Thu, 30 Mar 2023 19:28:00 GMT Philip D'Ath 2023-03-30T19:28:00Z https://community.cisco.com/t5/network-platform-api/ssl-certificate-for-meraki-dashboard-api/m-p/5433816#M5460 <P>Hi Community,</P><P>Is it possible to configure and use some custom or non-default SSL certificate for Meraki Dashboard API?</P><P>What is default certificate revocation policy, can it be changed per organization? </P><P>Thanks in advance,</P><P>Yuriy</P> Thu, 30 Mar 2023 17:33:18 GMT https://community.cisco.com/t5/network-platform-api/ssl-certificate-for-meraki-dashboard-api/m-p/5433816#M5460 Yuriy P. 2023-03-30T17:33:18Z https://community.cisco.com/t5/network-platform-api/ssl-certificate-for-meraki-dashboard-api/m-p/5433817#M5461 <P>I don't really understand the question but if I'll answer it as I understand then - No!</P><P>Meraki API backend is managed by Cisco and Cisco controls the certificate. There are no security reasons why one would want to use a custom certificate!</P><P>Can you provide more context around the question? </P> Thu, 30 Mar 2023 18:16:42 GMT https://community.cisco.com/t5/network-platform-api/ssl-certificate-for-meraki-dashboard-api/m-p/5433817#M5461 RomanMD 2023-03-30T18:16:42Z https://community.cisco.com/t5/network-platform-api/ssl-certificate-for-meraki-dashboard-api/m-p/5433818#M5462 <P>+1 to <A href="https://community.meraki.com/t5/user/viewprofilepage/user-id/40633">@RomanMD</A> . If you were worried about a man-in-the-middle attack or something (maybe a firewall doing SSL inspection), you could check the certificate issuer and CN are who you expect it to be.</P> Thu, 30 Mar 2023 19:28:00 GMT https://community.cisco.com/t5/network-platform-api/ssl-certificate-for-meraki-dashboard-api/m-p/5433818#M5462 Philip D'Ath 2023-03-30T19:28:00Z https://community.cisco.com/t5/network-platform-api/ssl-certificate-for-meraki-dashboard-api/m-p/5433819#M5463 <P>Thanks for answer!</P><P>In short we have the tool which utilize Meraki API and is configured to perform online revocation check.</P><P>For some users it works and for others it fails with error during <SPAN>revocation check. Here is what we have in request header: </SPAN></P><UL><LI><SPAN>Chain.Status: RevocationStatusUnknown,OfflineRevocation</SPAN></LI></UL><P><SPAN>Maybe it is something on Windows policies configuration side, not sure.</SPAN></P> Fri, 31 Mar 2023 11:17:59 GMT https://community.cisco.com/t5/network-platform-api/ssl-certificate-for-meraki-dashboard-api/m-p/5433819#M5463 Yuriy P. 2023-03-31T11:17:59Z https://community.cisco.com/t5/network-platform-api/ssl-certificate-for-meraki-dashboard-api/m-p/5433820#M5464 <P>For the case that fails see which CA is being used (check the issuer field). The CA certificate will already be installed on your device as a trusted root CA.</P><P>Then get CRL field out of the CA certificate from your machine, and then try and request that URL directly to see what happens.</P><P>It sounds like the retrieval process is experiencing errors.</P> Fri, 31 Mar 2023 19:07:57 GMT https://community.cisco.com/t5/network-platform-api/ssl-certificate-for-meraki-dashboard-api/m-p/5433820#M5464 Philip D'Ath 2023-03-31T19:07:57Z https://community.cisco.com/t5/network-platform-api/ssl-certificate-for-meraki-dashboard-api/m-p/5433821#M5465 <P>Thank you, I'll dig in that direction then!</P> Mon, 03 Apr 2023 09:59:00 GMT https://community.cisco.com/t5/network-platform-api/ssl-certificate-for-meraki-dashboard-api/m-p/5433821#M5465 Yuriy P. 2023-04-03T09:59:00Z