Buy or Renew
Buy or Renew
Meraki Community is live! Welcome Meraki Members! Learn more here.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4369
Views
5
Helpful
5
Replies

SSL certificate for Meraki Dashboard API

Go to solution
Yuriy P.
Visitor

‎03-30-2023 10:33 AM

Hi Community,

Is it possible to configure and use some custom or non-default SSL certificate for Meraki Dashboard API?

What is default certificate revocation policy, can it be changed per organization?

Thanks in advance,

Yuriy

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
RomanMD
Level 6
Level 6

‎03-30-2023 11:16 AM

I don't really understand the question but if I'll answer it as I understand then - No!

Meraki API backend is managed by Cisco and Cisco controls the certificate. There are no security reasons why one would want to use a custom certificate!

Can you provide more context around the question?

View solution in original post

5 Replies 5

Go to solution
RomanMD
Level 6
Level 6

‎03-30-2023 11:16 AM

I don't really understand the question but if I'll answer it as I understand then - No!

Meraki API backend is managed by Cisco and Cisco controls the certificate. There are no security reasons why one would want to use a custom certificate!

Can you provide more context around the question?

Go to solution
Yuriy P.
Visitor
In response to RomanMD

‎03-31-2023 04:17 AM

Thanks for answer!

In short we have the tool which utilize Meraki API and is configured to perform online revocation check.

For some users it works and for others it fails with error during revocation check. Here is what we have in request header:

  • Chain.Status: RevocationStatusUnknown,OfflineRevocation

Maybe it is something on Windows policies configuration side, not sure.

0 Helpful

Go to solution
Philip D'Ath
Meraki Community All-Star
Meraki Community All-Star
In response to Yuriy P.

‎03-31-2023 12:07 PM

For the case that fails see which CA is being used (check the issuer field). The CA certificate will already be installed on your device as a trusted root CA.

Then get CRL field out of the CA certificate from your machine, and then try and request that URL directly to see what happens.

It sounds like the retrieval process is experiencing errors.

Go to solution
Yuriy P.
Visitor
In response to Philip D'Ath

‎04-03-2023 02:59 AM

Thank you, I'll dig in that direction then!

0 Helpful

Go to solution
Philip D'Ath
Meraki Community All-Star
Meraki Community All-Star

‎03-30-2023 12:28 PM

+1 to @RomanMD . If you were worried about a man-in-the-middle attack or something (maybe a firewall doing SSL inspection), you could check the certificate issuer and CN are who you expect it to be.

Customers Also Viewed These Support Documents