topic Re: Location Scanning API - Untrusted Server Certificate in Network Platform API

Location Scanning API - Untrusted Server Certificate

gwangjin.park — Mon, 18 May 2020 07:13:04 GMT

Hi guys!!

I'm going to test the Location Scanning API.

So I prepared an HTTPS server.
But an error is occurring as shown in the picture below.

- Untrusted Server Certificate - Please ensure you are using a certificate signed by a valid Certificate Authority(CA)

I don't think there's a problem with the certificate.

Please, let me know what can I do.

Thanks in Advance.

Re: Location Scanning API - Untrusted Server Certificate

Christian_Ney — Mon, 18 May 2020 15:37:47 GMT

Educated guess: Meraki doesn't trust Sectico certs / at least it seems that they don't have its Pubkey.

Your best option would be calling support.

Re: Location Scanning API - Untrusted Server Certificate

cfn — Tue, 19 May 2020 00:41:13 GMT

@gwangjin.park just curious are you including the full certificate chain on your server? You'll need to include the full certificate in order for dashboard to connect successfully. You might want to test it with SSL Test to see if any problems are detected with the certificate. If everything checks out then I would definitely agree with @Christian_Ney and reach out to support.

This previous thread might be helpful.

Re: Location Scanning API - Untrusted Server Certificate

gwangjin.park — Tue, 19 May 2020 04:10:06 GMT

I solved the problem with your help.
Thank you very much.

solved) Import CA certificate to keystore.

Re: Location Scanning API - Untrusted Server Certificate

Ammar-Tanveer01 — Thu, 13 Aug 2020 07:47:05 GMT

I am facing the same issue. The server where we have installed the certificate is linux machine and the CA is Entrust Certfication Authority. I am not sure the issue is with CA whihc is not recognised by Meraki or there is anything else????

When we open the website, the Certificate information and status is OK but once we validate it throws the error.

Failed to validate with status code: 400, error message:Untrusted Server Certificate – Please ensure you are using a certificate signed by a valid Certificate Authority (CA).

Need very urgent support.

Re: Location Scanning API - Untrusted Server Certificate

gwangjin.park — Thu, 13 Aug 2020 08:43:21 GMT

The keystore used by WAS must include CA certificates.
I will share how to make a keystore that I used.

(Create keystore file)
1. Create a keystore in PKCS12 format with CA certificates.
keytool -importcert -keystore [keystore file name] -storepass [password] -storetype PKCS12 -alias rootca -file [Root CA Certification]
keytool -importcert -keystore [keystore file name] -storepass [password] -storetype PKCS12 -alias root -file [CA Certification]

2. Convert the SSL certificate to PKCS12 format.
openssl pkcs12 -export -in [public key file] -inkey [private key file] -out [cert file name] -name [Any Name]

3. Import certificate in PKCS12 format to keystore
keytool -importkeystore -deststorepass [password] -destkeypass [password] -destkeystore [keystore file name] -srckeystore [cert file name] -srcstoretype PKCS12 -srcstorepass [password] -alias [Any Name]

ex)
[Certification]
RootCA : USERTrustRSAAddTrustCA.der
CA : SectigoRSADomainValidationSecureServerCA.der
Public Key : public.key
Private Key : private.key

[Command]
keytool -importcert -keystore keystore.jks -storepass Password1! -storetype PKCS12 -alias rootca -file USERTrustRSAAddTrustCA.der
keytool -importcert -keystore keystore.jks -storepass Password1! -storetype PKCS12 -alias root -file SectigoRSADomainValidationSecureServerCA.der

openssl pkcs12 -export -in public.key -inkey private.key -out mscanning.p12 -name mscanning12

keytool -importkeystore -deststorepass Password1! -destkeypass Password1! -destkeystore keystore.jks -srckeystore mscanning.p12 -srcstoretype PKCS12 -srcstorepass Password1! -alias mscannings

Re: Location Scanning API - Untrusted Server Certificate

Ammar-Tanveer01 — Thu, 13 Aug 2020 09:18:04 GMT

Re: Location Scanning API - Untrusted Server Certificate

Ammar-Tanveer01 — Thu, 13 Aug 2020 09:20:29 GMT

@gwangjin.parkThank you for your response.

Just want to know when you encountered the issue, the URL was showing any certificate error? example, were you able to see the valid certificate issue on Website?

Also, the solution you shared is for linux? We are using CentOS.

Re: Location Scanning API - Untrusted Server Certificate

gwangjin.park — Thu, 13 Aug 2020 23:41:12 GMT

I used Tomcat as WAS (Web Application Server).
This is not affected by the OS.

So, I have some questions.
Q1. What does your WAS use?
- SSL settings may vary depending on WAS.
Q2. Does your keystore contain all certificates (CA)?
Q3. Can you send your keystore (with your password)?
Q4. Can you show me the error screen from the Meraki dashboard?

I hope your problem will be solved soon.

Re: Location Scanning API - Untrusted Server Certificate

maollano — Thu, 20 Aug 2020 22:58:12 GMT

has someone managed to solve? The exact same thing happens to me and I have not been able to solve it

Regards

"Failed to validate with status code: 400, error message:
Untrusted Server Certificate – Please ensure you are using a certificate signed by a valid Certificate Authority (CA)"

The certificate is issued by ZeroSSL

Regards