Skip to main content
Cisco Meraki Documentation

Meraki Authentication Server Certificate Rotation - July 2024

Click 日本語 for Japanese

Overview 

One of our third-party vendors has identified an issue requiring some of their customers, including Cisco Meraki, to rotate certain certificates. As a result, we are rotating the RADIUS certificate for Meraki Cloud Authentication. Once completed, this rotation will prevent certain devices from being able to successfully connect with Meraki Cloud Authentication unless customers perform the recommended remediation steps. Below you will find additional details regarding the rotation, including which devices will be affected and the recommended remediation steps for those devices. 

Recommended Remediation Actions for Various Deployment Scenarios


Meraki Authentication with Sentry Wi-Fi 

Devices with Meraki Authentication with Systems Manager Sentry Wi-Fi that were online sometime after July 30, 2024 and before August 2, 2024, 01:30 UTC will have no impact.  

For users with devices that were not online during this period, such devices will need to associate with an SSID which will allow them to check in with the dashboard for long enough to allow a check-in cycle to complete (~2 minutes) and receive the updated payload, and resume normal operation. Users can verify the payload is working by attempting to connect to the original Meraki Sentry Wi-Fi enabled SSID. 

Meraki_Auth_Server_Cert_Sentry_WiFi.png

Note: Windows 10 and 11 users may need to select the appropriate certificate during the rotation process. Select the appropriate "SCEP Wi-Fi Certificate for {device_id}" and click OK. 

wificonnect-windows.png

Meraki Authentication without Sentry Wi-Fi 

Users of Meraki Authentication via certificate-based authentication without Sentry Wi-Fi will need to 'trust' the new certificate with the below information upon associating to the Meraki Authentication SSID.  

Host: radius.meraki.com 
Issued: DigiCert Global G2 TLS RSA SHA256 2020 CA1 
Expires: Jul 29 23:59:59 2025 GMT 

 

Meraki_Auth_Server_Cert_without_Sentry_WiFi.png

Note: Some devices may require the SSID to be "forgotten" before they will be prompted to accept the new certificate.

Note: See the Meraki Authentication Radius Certificate below for the new certificate. 

Trusted Access 

Users of a Trusted Access configuration to an SSID will need to re-download their device's Trusted Access configuration from portal.meraki.com on or after the rotation date. 

Certificate Details 

Below is a copy of the certificate which users will be required to accept, as well as the plaintext output from reading the certificate with openssl:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:7e:6d:b7:09:aa:84:0f:1e:72:17:d9:94:38:4e:b8
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, O = DigiCert Inc, CN = DigiCert Global G2 TLS RSA SHA256 2020 CA1
        Validity
            Not Before: Jul 30 00:00:00 2024 GMT
            Not After : Jul 29 23:59:59 2025 GMT
        Subject: C = US, ST = California, L = San Francisco, O = Meraki LLC, CN = radius.meraki.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (4096 bit)
                Modulus:
                    00:d9:2a:e4:97:f4:4e:2a:8b:e5:7e:5e:8c:5d:9e:
                    ae:97:52:83:57:4d:9f:6a:58:c6:ec:c8:07:33:44:
                    ef:43:16:4a:23:58:7e:e1:c2:c8:f3:07:29:73:03:
                    9f:2e:ad:bf:3e:10:a3:cb:63:c4:d1:91:3a:f4:90:
                    cb:0c:a0:99:12:0b:a7:a5:b2:b5:3c:81:89:6f:5f:
                    18:96:28:53:58:f1:3f:a6:57:02:8c:80:6c:b8:67:
                    1a:4e:a7:3d:ab:02:7e:5e:57:0c:72:96:27:82:2b:
                    c3:23:36:f9:24:d4:82:97:fc:88:a5:c2:c2:67:1b:
                    61:b4:64:2a:50:85:2b:0a:e4:d7:05:e4:45:32:4a:
                    a4:8b:14:a8:68:31:51:4b:af:a6:a4:e7:d4:83:89:
                    78:70:11:70:5e:fb:28:e7:54:6e:c5:27:40:50:b5:
                    a4:91:31:d2:b9:48:00:f6:a3:d5:24:21:bd:dc:48:
                    cb:86:9a:ed:a8:6b:4e:d5:bf:9e:19:67:1c:07:f6:
                    0b:b2:67:6d:a8:f6:82:3c:28:f8:5f:62:27:f9:24:
                    dc:f8:42:88:d1:b4:ca:23:6c:d1:56:78:a3:52:b2:
                    94:0d:8c:a2:d7:69:08:59:fc:5a:17:c2:56:a0:07:
                    0a:71:c2:e0:ec:4b:d6:9f:ba:6e:47:e9:c7:84:01:
                    67:c7:e3:7a:40:f8:13:6e:ab:41:2f:5d:e1:c9:43:
                    08:35:92:b0:9e:22:12:65:20:cb:c7:9d:ea:d8:f3:
                    ab:98:92:18:2a:75:de:18:3a:72:63:9a:83:7e:c5:
                    2c:62:db:db:a9:65:e4:a0:dc:38:7d:f5:3d:c8:b3:
                    3c:60:a4:05:48:b4:4f:17:1f:40:f6:4f:8b:ae:15:
                    07:d8:19:78:ba:fd:70:ff:ec:3d:50:a1:a9:70:4f:
                    c1:95:4f:17:f6:a4:1f:46:3a:bd:75:c4:0c:0b:ff:
                    99:d1:0c:21:6c:e3:d7:f0:02:64:41:79:01:08:13:
                    8f:05:09:61:a9:3e:86:d0:1d:c7:e5:8e:17:9b:7d:
                    14:9e:08:0e:9a:5b:dd:9b:a8:dd:63:6e:a3:18:af:
                    47:8c:27:b1:2b:f9:14:31:47:dc:a6:99:5d:50:32:
                    c1:87:e3:89:90:5d:a4:78:df:02:5c:ef:41:ba:b7:
                    f3:b7:64:2b:1b:4e:0f:34:d7:60:79:55:aa:88:7f:
                    32:19:b3:fb:bf:1a:f6:d9:bd:bd:f2:82:e5:77:04:
                    41:ea:2b:3e:b8:fc:f8:9f:70:ae:e2:2c:ca:db:41:
                    22:3f:ca:04:e8:c8:0c:b9:c1:58:e2:58:54:0c:85:
                    9f:ac:9c:d0:3e:7a:0d:a4:8f:cc:78:e7:48:6e:be:
                    c4:f2:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier:
                keyid:74:85:80:C0:66:C7:DF:37:DE:CF:BD:29:37:AA:03:1D:BE:ED:CD:17
            X509v3 Subject Key Identifier:
                66:C8:99:58:7D:F9:3B:30:23:5D:FE:2A:76:85:7F:45:A3:40:71:38
            X509v3 Subject Alternative Name:
                DNS:radius.meraki.com
            X509v3 Certificate Policies:
                Policy: 2.23.140.1.2.2
                  CPS: http://www.digicert.com/CPS
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 CRL Distribution Points:
                Full Name:
                  URI:http://crl3.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl
                Full Name:
                  URI:http://crl4.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl
            Authority Information Access:
                OCSP - URI:http://ocsp.digicert.com
                CA Issuers - URI:http://cacerts.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crt
            X509v3 Basic Constraints: critical
                CA:FALSE
            CT Precertificate SCTs:
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 12:F1:4E:34:BD:53:72:4C:84:06:19:C3:8F:3F:7A:13:
                                F8:E7:B5:62:87:88:9C:6D:30:05:84:EB:E5:86:26:3A
                    Timestamp : Jul 30 15:49:56.398 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:FC:25:89:5F:F3:D5:73:9C:4F:95:4C:
                                15:CD:82:13:88:9B:C4:2A:13:F4:31:A7:6F:E5:E3:68:
                                8F:3E:BC:60:A9:02:21:00:B1:60:1E:F3:A7:46:94:40:
                                16:8D:96:BC:7C:7F:27:34:FC:6E:3E:96:CE:F3:B5:62:
                                9E:2F:48:5D:5A:1B:9F:D7
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : E6:D2:31:63:40:77:8C:C1:10:41:06:D7:71:B9:CE:C1:
                                D2:40:F6:96:84:86:FB:BA:87:32:1D:FD:1E:37:8E:50
                    Timestamp : Jul 30 15:49:56.305 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:45:6A:CF:32:EB:C4:7B:15:29:77:F6:77:
                                C2:07:AC:87:BB:5C:09:E0:A4:06:F8:37:C8:F0:55:65:
                                6B:16:9A:15:02:20:7A:49:08:07:D4:52:88:59:E3:61:
                                D0:E2:22:A1:BA:4F:AD:D9:F3:17:8A:F1:EC:8E:C0:5C:
                                0E:56:04:04:E6:C7
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : CC:FB:0F:6A:85:71:09:65:FE:95:9B:53:CE:E9:B2:7C:
                                22:E9:85:5C:0D:97:8D:B6:A9:7E:54:C0:FE:4C:0D:B0
                    Timestamp : Jul 30 15:49:56.239 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:3F:77:E3:52:53:59:32:FD:ED:E1:1C:CC:
                                DD:F7:1E:FB:2F:F8:4F:2C:F4:64:FE:87:AE:70:3F:3B:
                                96:A6:37:1A:02:21:00:B9:D9:8C:E8:11:55:85:A5:51:
                                FA:EA:DA:FA:19:B7:2B:79:A2:5F:F9:9E:EB:70:43:B8:
                                01:78:DC:03:4A:F0:E9
    Signature Algorithm: sha256WithRSAEncryption
         13:85:c6:eb:14:eb:e1:82:14:00:18:ed:49:55:31:dd:08:7d:
         45:1a:31:72:58:72:ff:23:ec:7e:ac:5d:50:aa:12:9b:3c:35:
         5a:bd:17:82:75:98:c1:12:fe:7c:6a:6c:5c:f5:63:05:e8:a4:
         fe:8c:45:94:c3:32:ca:aa:54:ef:5a:77:20:e3:db:3a:9c:c7:
         e4:05:df:d1:30:94:76:17:00:8b:1a:8d:d9:3e:47:91:f6:cf:
         00:ef:7e:23:9f:0b:0b:d1:27:32:99:55:2e:96:c5:f6:1f:24:
         2d:45:1f:b5:78:65:76:8a:3f:9b:53:e1:dd:85:1d:a3:4e:15:
         2a:39:45:f6:5f:54:11:52:4b:bf:1c:ac:09:19:94:db:b1:0c:
         4d:66:aa:8b:dd:0f:b6:7e:3c:c7:04:97:1e:27:77:0e:5b:9d:
         fc:e2:54:9f:e6:1b:67:fb:ad:06:c5:d4:ab:e6:df:5f:5f:06:
         f0:30:0a:c8:6a:61:79:18:dd:e1:a8:d4:28:5e:fd:34:74:d4:
         b7:83:bf:ae:dc:6e:1d:e5:86:82:f6:03:b1:4a:c2:33:73:5e:
         ad:06:41:65:2a:97:ee:ec:f8:13:2d:6e:2f:5c:93:f4:8a:4d:
         30:8f:c0:c1:04:cf:37:be:a4:17:12:79:68:0d:92:81:1a:ad:
         d9:4d:37:92
#Meraki Authentication Radius Certificate
-----BEGIN CERTIFICATE-----
MIIH3TCCBsWgAwIBAgIQA35ttwmqhA8echfZlDhOuDANBgkqhkiG9w0BAQsFADBZ
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMTMwMQYDVQQDEypE
aWdpQ2VydCBHbG9iYWwgRzIgVExTIFJTQSBTSEEyNTYgMjAyMCBDQTEwHhcNMjQw
NzMwMDAwMDAwWhcNMjUwNzI5MjM1OTU5WjBrMQswCQYDVQQGEwJVUzETMBEGA1UE
CBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzETMBEGA1UEChMK
TWVyYWtpIExMQzEaMBgGA1UEAxMRcmFkaXVzLm1lcmFraS5jb20wggIiMA0GCSqG
SIb3DQEBAQUAA4ICDwAwggIKAoICAQDZKuSX9E4qi+V+Xoxdnq6XUoNXTZ9qWMbs
yAczRO9DFkojWH7hwsjzBylzA58urb8+EKPLY8TRkTr0kMsMoJkSC6elsrU8gYlv
XxiWKFNY8T+mVwKMgGy4ZxpOpz2rAn5eVwxylieCK8MjNvkk1IKX/IilwsJnG2G0
ZCpQhSsK5NcF5EUySqSLFKhoMVFLr6ak59SDiXhwEXBe+yjnVG7FJ0BQtaSRMdK5
SAD2o9UkIb3cSMuGmu2oa07Vv54ZZxwH9guyZ22o9oI8KPhfYif5JNz4QojRtMoj
bNFWeKNSspQNjKLXaQhZ/FoXwlagBwpxwuDsS9afum5H6ceEAWfH43pA+BNuq0Ev
XeHJQwg1krCeIhJlIMvHnerY86uYkhgqdd4YOnJjmoN+xSxi29upZeSg3Dh99T3I
szxgpAVItE8XH0D2T4uuFQfYGXi6/XD/7D1QoalwT8GVTxf2pB9GOr11xAwL/5nR
DCFs49fwAmRBeQEIE48FCWGpPobQHcfljhebfRSeCA6aW92bqN1jbqMYr0eMJ7Er
+RQxR9ymmV1QMsGH44mQXaR43wJc70G6t/O3ZCsbTg8012B5VaqIfzIZs/u/GvbZ
vb3yguV3BEHqKz64/PifcK7iLMrbQSI/ygToyAy5wVjiWFQMhZ+snNA+eg2kj8x4
50huvsTyqwIDAQABo4IDjTCCA4kwHwYDVR0jBBgwFoAUdIWAwGbH3zfez70pN6oD
Hb7tzRcwHQYDVR0OBBYEFGbImVh9+TswI13+KnaFf0WjQHE4MBwGA1UdEQQVMBOC
EXJhZGl1cy5tZXJha2kuY29tMD4GA1UdIAQ3MDUwMwYGZ4EMAQICMCkwJwYIKwYB
BQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAOBgNVHQ8BAf8EBAMC
BaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMIGfBgNVHR8EgZcwgZQw
SKBGoESGQmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbEcy
VExTUlNBU0hBMjU2MjAyMENBMS0xLmNybDBIoEagRIZCaHR0cDovL2NybDQuZGln
aWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsRzJUTFNSU0FTSEEyNTYyMDIwQ0ExLTEu
Y3JsMIGHBggrBgEFBQcBAQR7MHkwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRp
Z2ljZXJ0LmNvbTBRBggrBgEFBQcwAoZFaHR0cDovL2NhY2VydHMuZGlnaWNlcnQu
Y29tL0RpZ2lDZXJ0R2xvYmFsRzJUTFNSU0FTSEEyNTYyMDIwQ0ExLTEuY3J0MAwG
A1UdEwEB/wQCMAAwggF+BgorBgEEAdZ5AgQCBIIBbgSCAWoBaAB3ABLxTjS9U3JM
hAYZw48/ehP457Vih4icbTAFhOvlhiY6AAABkQRVei4AAAQDAEgwRgIhAPwliV/z
1XOcT5VMFc2CE4ibxCoT9DGnb+XjaI8+vGCpAiEAsWAe86dGlEAWjZa8fH8nNPxu
PpbO87Vini9IXVobn9cAdQDm0jFjQHeMwRBBBtdxuc7B0kD2loSG+7qHMh39HjeO
UAAAAZEEVXnRAAAEAwBGMEQCIEVqzzLrxHsVKXf2d8IHrIe7XAngpAb4N8jwVWVr
FpoVAiB6SQgH1FKIWeNh0OIiobpPrdnzF4rx7I7AXA5WBATmxwB2AMz7D2qFcQll
/pWbU87psnwi6YVcDZeNtql+VMD+TA2wAAABkQRVeY8AAAQDAEcwRQIgP3fjUlNZ
Mv3t4RzM3fce+y/4Tyz0ZP6HrnA/O5amNxoCIQC52YzoEVWFpVH66tr6GbcreaJf
+Z7rcEO4AXjcA0rw6TANBgkqhkiG9w0BAQsFAAOCAQEAE4XG6xTr4YIUABjtSVUx
3Qh9RRoxclhy/yPsfqxdUKoSmzw1Wr0XgnWYwRL+fGpsXPVjBeik/oxFlMMyyqpU
71p3IOPbOpzH5AXf0TCUdhcAixqN2T5HkfbPAO9+I58LC9EnMplVLpbF9h8kLUUf
tXhldoo/m1Ph3YUdo04VKjlF9l9UEVJLvxysCRmU27EMTWaqi90Ptn48xwSXHid3
Dlud/OJUn+YbZ/utBsXUq+bfX18G8DAKyGpheRjd4ajUKF79NHTUt4O/rtxuHeWG
gvYDsUrCM3NerQZBZSqX7uz4Ey1uL1yT9IpNMI/AwQTPN76kFxJ5aA2SgRqt2U03
kg==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEyDCCA7CgAwIBAgIQDPW9BitWAvR6uFAsI8zwZjANBgkqhkiG9w0BAQsFADBh
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH
MjAeFw0yMTAzMzAwMDAwMDBaFw0zMTAzMjkyMzU5NTlaMFkxCzAJBgNVBAYTAlVT
MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxMzAxBgNVBAMTKkRpZ2lDZXJ0IEdsb2Jh
bCBHMiBUTFMgUlNBIFNIQTI1NiAyMDIwIENBMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMz3EGJPprtjb+2QUlbFbSd7ehJWivH0+dbn4Y+9lavyYEEV
cNsSAPonCrVXOFt9slGTcZUOakGUWzUb+nv6u8W+JDD+Vu/E832X4xT1FE3LpxDy
FuqrIvAxIhFhaZAmunjZlx/jfWardUSVc8is/+9dCopZQ+GssjoP80j812s3wWPc
3kbW20X+fSP9kOhRBx5Ro1/tSUZUfyyIxfQTnJcVPAPooTncaQwywa8WV0yUR0J8
osicfebUTVSvQpmowQTCd5zWSOTOEeAqgJnwQ3DPP3Zr0UxJqyRewg2C/Uaoq2yT
zGJSQnWS+Jr6Xl6ysGHlHx+5fwmY6D36g39HaaECAwEAAaOCAYIwggF+MBIGA1Ud
EwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFHSFgMBmx9833s+9KTeqAx2+7c0XMB8G
A1UdIwQYMBaAFE4iVCAYlebjbuYP+vq5Eu0GF485MA4GA1UdDwEB/wQEAwIBhjAd
BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwdgYIKwYBBQUHAQEEajBoMCQG
CCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wQAYIKwYBBQUHMAKG
NGh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RH
Mi5jcnQwQgYDVR0fBDswOTA3oDWgM4YxaHR0cDovL2NybDMuZGlnaWNlcnQuY29t
L0RpZ2lDZXJ0R2xvYmFsUm9vdEcyLmNybDA9BgNVHSAENjA0MAsGCWCGSAGG/WwC
ATAHBgVngQwBATAIBgZngQwBAgEwCAYGZ4EMAQICMAgGBmeBDAECAzANBgkqhkiG
9w0BAQsFAAOCAQEAkPFwyyiXaZd8dP3A+iZ7U6utzWX9upwGnIrXWkOH7U1MVl+t
wcW1BSAuWdH/SvWgKtiwla3JLko716f2b4gp/DA/JIS7w7d7kwcsr4drdjPtAFVS
slme5LnQ89/nD/7d+MS5EHKBCQRfz5eeLjJ1js+aWNJXMX43AYGyZm0pGrFmCW3R
bpD0ufovARTFXFZkAdl9h6g4U5+LXUZtXMYnhIHUfoyMo5tS58aI7Dd8KvvwVVo4
chDYABPPTHPbqjc1qCmBaZx2vN4Ye5DUys/vZwP9BFohFrH/6j/f3IL16/RZkiMN
JCqVJUzKoZHm1Lesh3Sz8W2jmdv51b2EQJ8HmA==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBh
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH
MjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVT
MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI
2/Ou8jqJkTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx
1x7e/dfgy5SDN67sH0NO3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQ
q2EGnI/yuum06ZIya7XzV+hdG82MHauVBJVJ8zUtluNJbd134/tJS7SsVQepj5Wz
tCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyMUNGPHgm+F6HmIcr9g+UQ
vIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQABo0IwQDAP
BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTiJUIBiV
5uNu5g/6+rkS7QYXjzkwDQYJKoZIhvcNAQELBQADggEBAGBnKJRvDkhj6zHd6mcY
1Yl9PMWLSn/pvtsrF9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4
NeF22d+mQrvHRAiGfzZ0JFrabA0UWTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NG
Fdtom/DzMNU+MeKNhJ7jitralj41E6Vf8PlwUHBHQRFXGU7Aj64GxJUTFy8bJZ91
8rGOmaFvE7FBcf6IKshPECBV1/MUReXgRPTqh5Uykw7+U0b6LJ3/iyK5S9kJRaTe
pLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl
MrY=
-----END CERTIFICATE-----

FAQs   

1. What is changing?

One of our third-party vendors identified an issue requiring some of their customers, including Cisco Meraki, to rotate certain certificates. As a result, we will be rotating the RADIUS certificate for Meraki Cloud Authentication on August 2, 2024, 01:30 UTC. 

2. How can an affected network be identified?

Any services relying on Meraki Cloud Authentication via certificates will be affected. This includes Sentry Wi-Fi, Trusted Access Wi-Fi, and any manual authentication relying on Meraki Cloud Authentication via certificates.   

3. Which network deployment scenarios require action to be taken?

Only SSIDs with Meraki Cloud Authentication using the RADIUS certificate for authentication will be affected.  

If you are using this certificate for Meraki Cloud Authentication and have a network with any of the following deployment scenarios, your action may be required to manually accept the new certificate: 

  • If you have non-Systems Manager (SM) deployment networks 

  • If you utilize Meraki Authentication with Sentry Wi-Fi, but had devices offline before the rotation date 

  • If you utilize a Trusted Access configuration to an SSID 

Please refer to our documentation (above) for further network identification details and next steps. 

4. Is there an action needed to maintain connectivity?

If your network is affected, you need to accept the new certificate for your devices before August 2, 2024, 01:30 UTC to maintain connectivity. Please refer to our documentation above for more information. 

5. What happens if no action is taken by the certificate rotation date?

If devices are still using the outdated RADIUS certificate after August 2, 2024, they will not be able to connect back to the Meraki Cloud Authentication SSID until the new certificate is accepted. Please see our documentation (above) for more details and a list of recommended actions for avoiding impact on device connectivity.  

6. Will this affect username or password authentication with Meraki Authentication?

If you are using Meraki Cloud Authentication with username/ password authentication (such as PEAP) will be prompted to 'trust' the new radius.meraki.com server certificate after the rotation date. 

If you are using certificate-based authentication (such as EAP-TLS) where this RADIUS Meraki Cloud Authentication certificate is used, you will need to accept the new certificate before August 2, 2024, 01:30 UTC. 

7. Where can I go if I need additional assistance?

If you have additional questions or need assistance, please contact Meraki Technical Support.  

Open a case via: