Meraki Authentication Server Certificate Rotation - July 2024
Click 日本語 for Japanese
Overview
One of our third-party vendors has identified an issue requiring some of their customers, including Cisco Meraki, to rotate certain certificates. As a result, we are rotating the RADIUS certificate for Meraki Cloud Authentication. Once completed, this rotation will prevent certain devices from being able to successfully connect with Meraki Cloud Authentication unless customers perform the recommended remediation steps. Below you will find additional details regarding the rotation, including which devices will be affected and the recommended remediation steps for those devices.
Recommended Remediation Actions for Various Deployment Scenarios
Meraki Authentication with Sentry Wi-Fi
Devices with Meraki Authentication with Systems Manager Sentry Wi-Fi that were online sometime after July 30, 2024 and before August 2, 2024, 01:30 UTC will have no impact.
For users with devices that were not online during this period, such devices will need to associate with an SSID which will allow them to check in with the dashboard for long enough to allow a check-in cycle to complete (~2 minutes) and receive the updated payload, and resume normal operation. Users can verify the payload is working by attempting to connect to the original Meraki Sentry Wi-Fi enabled SSID.
Note: Windows 10 and 11 users may need to select the appropriate certificate during the rotation process. Select the appropriate "SCEP Wi-Fi Certificate for {device_id}" and click OK.
Meraki Authentication without Sentry Wi-Fi
Users of Meraki Authentication via certificate-based authentication without Sentry Wi-Fi will need to 'trust' the new certificate with the below information upon associating to the Meraki Authentication SSID.
Host: radius.meraki.com
Issued: DigiCert Global G2 TLS RSA SHA256 2020 CA1
Expires: Jul 29 23:59:59 2025 GMT
Note: Some devices may require the SSID to be "forgotten" before they will be prompted to accept the new certificate.
Note: See the Meraki Authentication Radius Certificate below for the new certificate.
Trusted Access
Users of a Trusted Access configuration to an SSID will need to re-download their device's Trusted Access configuration from portal.meraki.com on or after the rotation date.
Certificate Details
Below is a copy of the certificate which users will be required to accept, as well as the plaintext output from reading the certificate with openssl:
Certificate: Data: Version: 3 (0x2) Serial Number: 03:7e:6d:b7:09:aa:84:0f:1e:72:17:d9:94:38:4e:b8 Signature Algorithm: sha256WithRSAEncryption Issuer: C = US, O = DigiCert Inc, CN = DigiCert Global G2 TLS RSA SHA256 2020 CA1 Validity Not Before: Jul 30 00:00:00 2024 GMT Not After : Jul 29 23:59:59 2025 GMT Subject: C = US, ST = California, L = San Francisco, O = Meraki LLC, CN = radius.meraki.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:d9:2a:e4:97:f4:4e:2a:8b:e5:7e:5e:8c:5d:9e: ae:97:52:83:57:4d:9f:6a:58:c6:ec:c8:07:33:44: ef:43:16:4a:23:58:7e:e1:c2:c8:f3:07:29:73:03: 9f:2e:ad:bf:3e:10:a3:cb:63:c4:d1:91:3a:f4:90: cb:0c:a0:99:12:0b:a7:a5:b2:b5:3c:81:89:6f:5f: 18:96:28:53:58:f1:3f:a6:57:02:8c:80:6c:b8:67: 1a:4e:a7:3d:ab:02:7e:5e:57:0c:72:96:27:82:2b: c3:23:36:f9:24:d4:82:97:fc:88:a5:c2:c2:67:1b: 61:b4:64:2a:50:85:2b:0a:e4:d7:05:e4:45:32:4a: a4:8b:14:a8:68:31:51:4b:af:a6:a4:e7:d4:83:89: 78:70:11:70:5e:fb:28:e7:54:6e:c5:27:40:50:b5: a4:91:31:d2:b9:48:00:f6:a3:d5:24:21:bd:dc:48: cb:86:9a:ed:a8:6b:4e:d5:bf:9e:19:67:1c:07:f6: 0b:b2:67:6d:a8:f6:82:3c:28:f8:5f:62:27:f9:24: dc:f8:42:88:d1:b4:ca:23:6c:d1:56:78:a3:52:b2: 94:0d:8c:a2:d7:69:08:59:fc:5a:17:c2:56:a0:07: 0a:71:c2:e0:ec:4b:d6:9f:ba:6e:47:e9:c7:84:01: 67:c7:e3:7a:40:f8:13:6e:ab:41:2f:5d:e1:c9:43: 08:35:92:b0:9e:22:12:65:20:cb:c7:9d:ea:d8:f3: ab:98:92:18:2a:75:de:18:3a:72:63:9a:83:7e:c5: 2c:62:db:db:a9:65:e4:a0:dc:38:7d:f5:3d:c8:b3: 3c:60:a4:05:48:b4:4f:17:1f:40:f6:4f:8b:ae:15: 07:d8:19:78:ba:fd:70:ff:ec:3d:50:a1:a9:70:4f: c1:95:4f:17:f6:a4:1f:46:3a:bd:75:c4:0c:0b:ff: 99:d1:0c:21:6c:e3:d7:f0:02:64:41:79:01:08:13: 8f:05:09:61:a9:3e:86:d0:1d:c7:e5:8e:17:9b:7d: 14:9e:08:0e:9a:5b:dd:9b:a8:dd:63:6e:a3:18:af: 47:8c:27:b1:2b:f9:14:31:47:dc:a6:99:5d:50:32: c1:87:e3:89:90:5d:a4:78:df:02:5c:ef:41:ba:b7: f3:b7:64:2b:1b:4e:0f:34:d7:60:79:55:aa:88:7f: 32:19:b3:fb:bf:1a:f6:d9:bd:bd:f2:82:e5:77:04: 41:ea:2b:3e:b8:fc:f8:9f:70:ae:e2:2c:ca:db:41: 22:3f:ca:04:e8:c8:0c:b9:c1:58:e2:58:54:0c:85: 9f:ac:9c:d0:3e:7a:0d:a4:8f:cc:78:e7:48:6e:be: c4:f2:ab Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Authority Key Identifier: keyid:74:85:80:C0:66:C7:DF:37:DE:CF:BD:29:37:AA:03:1D:BE:ED:CD:17 X509v3 Subject Key Identifier: 66:C8:99:58:7D:F9:3B:30:23:5D:FE:2A:76:85:7F:45:A3:40:71:38 X509v3 Subject Alternative Name: DNS:radius.meraki.com X509v3 Certificate Policies: Policy: 2.23.140.1.2.2 CPS: http://www.digicert.com/CPS X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 CRL Distribution Points: Full Name: URI:http://crl3.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl Full Name: URI:http://crl4.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl Authority Information Access: OCSP - URI:http://ocsp.digicert.com CA Issuers - URI:http://cacerts.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crt X509v3 Basic Constraints: critical CA:FALSE CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 12:F1:4E:34:BD:53:72:4C:84:06:19:C3:8F:3F:7A:13: F8:E7:B5:62:87:88:9C:6D:30:05:84:EB:E5:86:26:3A Timestamp : Jul 30 15:49:56.398 2024 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:FC:25:89:5F:F3:D5:73:9C:4F:95:4C: 15:CD:82:13:88:9B:C4:2A:13:F4:31:A7:6F:E5:E3:68: 8F:3E:BC:60:A9:02:21:00:B1:60:1E:F3:A7:46:94:40: 16:8D:96:BC:7C:7F:27:34:FC:6E:3E:96:CE:F3:B5:62: 9E:2F:48:5D:5A:1B:9F:D7 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : E6:D2:31:63:40:77:8C:C1:10:41:06:D7:71:B9:CE:C1: D2:40:F6:96:84:86:FB:BA:87:32:1D:FD:1E:37:8E:50 Timestamp : Jul 30 15:49:56.305 2024 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:45:6A:CF:32:EB:C4:7B:15:29:77:F6:77: C2:07:AC:87:BB:5C:09:E0:A4:06:F8:37:C8:F0:55:65: 6B:16:9A:15:02:20:7A:49:08:07:D4:52:88:59:E3:61: D0:E2:22:A1:BA:4F:AD:D9:F3:17:8A:F1:EC:8E:C0:5C: 0E:56:04:04:E6:C7 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : CC:FB:0F:6A:85:71:09:65:FE:95:9B:53:CE:E9:B2:7C: 22:E9:85:5C:0D:97:8D:B6:A9:7E:54:C0:FE:4C:0D:B0 Timestamp : Jul 30 15:49:56.239 2024 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:3F:77:E3:52:53:59:32:FD:ED:E1:1C:CC: DD:F7:1E:FB:2F:F8:4F:2C:F4:64:FE:87:AE:70:3F:3B: 96:A6:37:1A:02:21:00:B9:D9:8C:E8:11:55:85:A5:51: FA:EA:DA:FA:19:B7:2B:79:A2:5F:F9:9E:EB:70:43:B8: 01:78:DC:03:4A:F0:E9 Signature Algorithm: sha256WithRSAEncryption 13:85:c6:eb:14:eb:e1:82:14:00:18:ed:49:55:31:dd:08:7d: 45:1a:31:72:58:72:ff:23:ec:7e:ac:5d:50:aa:12:9b:3c:35: 5a:bd:17:82:75:98:c1:12:fe:7c:6a:6c:5c:f5:63:05:e8:a4: fe:8c:45:94:c3:32:ca:aa:54:ef:5a:77:20:e3:db:3a:9c:c7: e4:05:df:d1:30:94:76:17:00:8b:1a:8d:d9:3e:47:91:f6:cf: 00:ef:7e:23:9f:0b:0b:d1:27:32:99:55:2e:96:c5:f6:1f:24: 2d:45:1f:b5:78:65:76:8a:3f:9b:53:e1:dd:85:1d:a3:4e:15: 2a:39:45:f6:5f:54:11:52:4b:bf:1c:ac:09:19:94:db:b1:0c: 4d:66:aa:8b:dd:0f:b6:7e:3c:c7:04:97:1e:27:77:0e:5b:9d: fc:e2:54:9f:e6:1b:67:fb:ad:06:c5:d4:ab:e6:df:5f:5f:06: f0:30:0a:c8:6a:61:79:18:dd:e1:a8:d4:28:5e:fd:34:74:d4: b7:83:bf:ae:dc:6e:1d:e5:86:82:f6:03:b1:4a:c2:33:73:5e: ad:06:41:65:2a:97:ee:ec:f8:13:2d:6e:2f:5c:93:f4:8a:4d: 30:8f:c0:c1:04:cf:37:be:a4:17:12:79:68:0d:92:81:1a:ad: d9:4d:37:92
#Meraki Authentication Radius Certificate -----BEGIN CERTIFICATE----- MIIH3TCCBsWgAwIBAgIQA35ttwmqhA8echfZlDhOuDANBgkqhkiG9w0BAQsFADBZ MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMTMwMQYDVQQDEypE aWdpQ2VydCBHbG9iYWwgRzIgVExTIFJTQSBTSEEyNTYgMjAyMCBDQTEwHhcNMjQw NzMwMDAwMDAwWhcNMjUwNzI5MjM1OTU5WjBrMQswCQYDVQQGEwJVUzETMBEGA1UE CBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzETMBEGA1UEChMK TWVyYWtpIExMQzEaMBgGA1UEAxMRcmFkaXVzLm1lcmFraS5jb20wggIiMA0GCSqG SIb3DQEBAQUAA4ICDwAwggIKAoICAQDZKuSX9E4qi+V+Xoxdnq6XUoNXTZ9qWMbs yAczRO9DFkojWH7hwsjzBylzA58urb8+EKPLY8TRkTr0kMsMoJkSC6elsrU8gYlv XxiWKFNY8T+mVwKMgGy4ZxpOpz2rAn5eVwxylieCK8MjNvkk1IKX/IilwsJnG2G0 ZCpQhSsK5NcF5EUySqSLFKhoMVFLr6ak59SDiXhwEXBe+yjnVG7FJ0BQtaSRMdK5 SAD2o9UkIb3cSMuGmu2oa07Vv54ZZxwH9guyZ22o9oI8KPhfYif5JNz4QojRtMoj bNFWeKNSspQNjKLXaQhZ/FoXwlagBwpxwuDsS9afum5H6ceEAWfH43pA+BNuq0Ev XeHJQwg1krCeIhJlIMvHnerY86uYkhgqdd4YOnJjmoN+xSxi29upZeSg3Dh99T3I szxgpAVItE8XH0D2T4uuFQfYGXi6/XD/7D1QoalwT8GVTxf2pB9GOr11xAwL/5nR DCFs49fwAmRBeQEIE48FCWGpPobQHcfljhebfRSeCA6aW92bqN1jbqMYr0eMJ7Er +RQxR9ymmV1QMsGH44mQXaR43wJc70G6t/O3ZCsbTg8012B5VaqIfzIZs/u/GvbZ vb3yguV3BEHqKz64/PifcK7iLMrbQSI/ygToyAy5wVjiWFQMhZ+snNA+eg2kj8x4 50huvsTyqwIDAQABo4IDjTCCA4kwHwYDVR0jBBgwFoAUdIWAwGbH3zfez70pN6oD Hb7tzRcwHQYDVR0OBBYEFGbImVh9+TswI13+KnaFf0WjQHE4MBwGA1UdEQQVMBOC EXJhZGl1cy5tZXJha2kuY29tMD4GA1UdIAQ3MDUwMwYGZ4EMAQICMCkwJwYIKwYB BQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAOBgNVHQ8BAf8EBAMC BaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMIGfBgNVHR8EgZcwgZQw SKBGoESGQmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbEcy VExTUlNBU0hBMjU2MjAyMENBMS0xLmNybDBIoEagRIZCaHR0cDovL2NybDQuZGln aWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsRzJUTFNSU0FTSEEyNTYyMDIwQ0ExLTEu Y3JsMIGHBggrBgEFBQcBAQR7MHkwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRp Z2ljZXJ0LmNvbTBRBggrBgEFBQcwAoZFaHR0cDovL2NhY2VydHMuZGlnaWNlcnQu Y29tL0RpZ2lDZXJ0R2xvYmFsRzJUTFNSU0FTSEEyNTYyMDIwQ0ExLTEuY3J0MAwG A1UdEwEB/wQCMAAwggF+BgorBgEEAdZ5AgQCBIIBbgSCAWoBaAB3ABLxTjS9U3JM hAYZw48/ehP457Vih4icbTAFhOvlhiY6AAABkQRVei4AAAQDAEgwRgIhAPwliV/z 1XOcT5VMFc2CE4ibxCoT9DGnb+XjaI8+vGCpAiEAsWAe86dGlEAWjZa8fH8nNPxu PpbO87Vini9IXVobn9cAdQDm0jFjQHeMwRBBBtdxuc7B0kD2loSG+7qHMh39HjeO UAAAAZEEVXnRAAAEAwBGMEQCIEVqzzLrxHsVKXf2d8IHrIe7XAngpAb4N8jwVWVr FpoVAiB6SQgH1FKIWeNh0OIiobpPrdnzF4rx7I7AXA5WBATmxwB2AMz7D2qFcQll /pWbU87psnwi6YVcDZeNtql+VMD+TA2wAAABkQRVeY8AAAQDAEcwRQIgP3fjUlNZ Mv3t4RzM3fce+y/4Tyz0ZP6HrnA/O5amNxoCIQC52YzoEVWFpVH66tr6GbcreaJf +Z7rcEO4AXjcA0rw6TANBgkqhkiG9w0BAQsFAAOCAQEAE4XG6xTr4YIUABjtSVUx 3Qh9RRoxclhy/yPsfqxdUKoSmzw1Wr0XgnWYwRL+fGpsXPVjBeik/oxFlMMyyqpU 71p3IOPbOpzH5AXf0TCUdhcAixqN2T5HkfbPAO9+I58LC9EnMplVLpbF9h8kLUUf tXhldoo/m1Ph3YUdo04VKjlF9l9UEVJLvxysCRmU27EMTWaqi90Ptn48xwSXHid3 Dlud/OJUn+YbZ/utBsXUq+bfX18G8DAKyGpheRjd4ajUKF79NHTUt4O/rtxuHeWG gvYDsUrCM3NerQZBZSqX7uz4Ey1uL1yT9IpNMI/AwQTPN76kFxJ5aA2SgRqt2U03 kg== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEyDCCA7CgAwIBAgIQDPW9BitWAvR6uFAsI8zwZjANBgkqhkiG9w0BAQsFADBh MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH MjAeFw0yMTAzMzAwMDAwMDBaFw0zMTAzMjkyMzU5NTlaMFkxCzAJBgNVBAYTAlVT MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxMzAxBgNVBAMTKkRpZ2lDZXJ0IEdsb2Jh bCBHMiBUTFMgUlNBIFNIQTI1NiAyMDIwIENBMTCCASIwDQYJKoZIhvcNAQEBBQAD ggEPADCCAQoCggEBAMz3EGJPprtjb+2QUlbFbSd7ehJWivH0+dbn4Y+9lavyYEEV cNsSAPonCrVXOFt9slGTcZUOakGUWzUb+nv6u8W+JDD+Vu/E832X4xT1FE3LpxDy FuqrIvAxIhFhaZAmunjZlx/jfWardUSVc8is/+9dCopZQ+GssjoP80j812s3wWPc 3kbW20X+fSP9kOhRBx5Ro1/tSUZUfyyIxfQTnJcVPAPooTncaQwywa8WV0yUR0J8 osicfebUTVSvQpmowQTCd5zWSOTOEeAqgJnwQ3DPP3Zr0UxJqyRewg2C/Uaoq2yT zGJSQnWS+Jr6Xl6ysGHlHx+5fwmY6D36g39HaaECAwEAAaOCAYIwggF+MBIGA1Ud EwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFHSFgMBmx9833s+9KTeqAx2+7c0XMB8G A1UdIwQYMBaAFE4iVCAYlebjbuYP+vq5Eu0GF485MA4GA1UdDwEB/wQEAwIBhjAd BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwdgYIKwYBBQUHAQEEajBoMCQG CCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wQAYIKwYBBQUHMAKG NGh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RH Mi5jcnQwQgYDVR0fBDswOTA3oDWgM4YxaHR0cDovL2NybDMuZGlnaWNlcnQuY29t L0RpZ2lDZXJ0R2xvYmFsUm9vdEcyLmNybDA9BgNVHSAENjA0MAsGCWCGSAGG/WwC ATAHBgVngQwBATAIBgZngQwBAgEwCAYGZ4EMAQICMAgGBmeBDAECAzANBgkqhkiG 9w0BAQsFAAOCAQEAkPFwyyiXaZd8dP3A+iZ7U6utzWX9upwGnIrXWkOH7U1MVl+t wcW1BSAuWdH/SvWgKtiwla3JLko716f2b4gp/DA/JIS7w7d7kwcsr4drdjPtAFVS slme5LnQ89/nD/7d+MS5EHKBCQRfz5eeLjJ1js+aWNJXMX43AYGyZm0pGrFmCW3R bpD0ufovARTFXFZkAdl9h6g4U5+LXUZtXMYnhIHUfoyMo5tS58aI7Dd8KvvwVVo4 chDYABPPTHPbqjc1qCmBaZx2vN4Ye5DUys/vZwP9BFohFrH/6j/f3IL16/RZkiMN JCqVJUzKoZHm1Lesh3Sz8W2jmdv51b2EQJ8HmA== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBh MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH MjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVT MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkqhkiG 9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI 2/Ou8jqJkTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx 1x7e/dfgy5SDN67sH0NO3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQ q2EGnI/yuum06ZIya7XzV+hdG82MHauVBJVJ8zUtluNJbd134/tJS7SsVQepj5Wz tCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyMUNGPHgm+F6HmIcr9g+UQ vIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQABo0IwQDAP BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTiJUIBiV 5uNu5g/6+rkS7QYXjzkwDQYJKoZIhvcNAQELBQADggEBAGBnKJRvDkhj6zHd6mcY 1Yl9PMWLSn/pvtsrF9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4 NeF22d+mQrvHRAiGfzZ0JFrabA0UWTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NG Fdtom/DzMNU+MeKNhJ7jitralj41E6Vf8PlwUHBHQRFXGU7Aj64GxJUTFy8bJZ91 8rGOmaFvE7FBcf6IKshPECBV1/MUReXgRPTqh5Uykw7+U0b6LJ3/iyK5S9kJRaTe pLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl MrY= -----END CERTIFICATE-----
FAQs
1. What is changing?
One of our third-party vendors identified an issue requiring some of their customers, including Cisco Meraki, to rotate certain certificates. As a result, we will be rotating the RADIUS certificate for Meraki Cloud Authentication on August 2, 2024, 01:30 UTC.
2. How can an affected network be identified?
Any services relying on Meraki Cloud Authentication via certificates will be affected. This includes Sentry Wi-Fi, Trusted Access Wi-Fi, and any manual authentication relying on Meraki Cloud Authentication via certificates.
3. Which network deployment scenarios require action to be taken?
Only SSIDs with Meraki Cloud Authentication using the RADIUS certificate for authentication will be affected.
If you are using this certificate for Meraki Cloud Authentication and have a network with any of the following deployment scenarios, your action may be required to manually accept the new certificate:
-
If you have non-Systems Manager (SM) deployment networks
-
If you utilize Meraki Authentication with Sentry Wi-Fi, but had devices offline before the rotation date
-
If you utilize a Trusted Access configuration to an SSID
Please refer to our documentation (above) for further network identification details and next steps.
4. Is there an action needed to maintain connectivity?
If your network is affected, you need to accept the new certificate for your devices before August 2, 2024, 01:30 UTC to maintain connectivity. Please refer to our documentation above for more information.
5. What happens if no action is taken by the certificate rotation date?
If devices are still using the outdated RADIUS certificate after August 2, 2024, they will not be able to connect back to the Meraki Cloud Authentication SSID until the new certificate is accepted. Please see our documentation (above) for more details and a list of recommended actions for avoiding impact on device connectivity.
6. Will this affect username or password authentication with Meraki Authentication?
If you are using Meraki Cloud Authentication with username/ password authentication (such as PEAP) will be prompted to 'trust' the new radius.meraki.com server certificate after the rotation date.
If you are using certificate-based authentication (such as EAP-TLS) where this RADIUS Meraki Cloud Authentication certificate is used, you will need to accept the new certificate before August 2, 2024, 01:30 UTC.
7. Where can I go if I need additional assistance?
If you have additional questions or need assistance, please contact Meraki Technical Support.
Open a case via:
-
Call your localized support line, which can be found at the bottom of the Meraki Technical Support webpage.