Skip to main content
Cisco Meraki

Meraki Authentication Server Certificate Rotation - July 2022

Overview

Due to an approaching certificate expiration Meraki will be rotating the RADIUS server certificate for Meraki Authentication on 29 July 2022.  The following is the expected impact and remediation steps for potential issues.

Meraki Authentication with Sentry Wifi

Users of Meraki Authentication with Systems Manager Sentry Wifi with devices which were online between 1 May 2022 and the rotation date of 29 July 2022 will have no user-visible impact. 

Users with devices which were not online during that period simply need to associate to an SSID which will allow them to check in with dashboard for long enough to allow a check-in cycle to complete (~2 minutes) in order to receive the updated payload and resume normal operation

Meraki Authentication without Sentry Wifi

Users of Meraki Authentication without Sentry Wifi will need to 'trust' the new certificate with the below information upon associating to the Meraki Authentication SSID on or after 29 July 2022.  Some devices may require the SSID to be "forgotten" before they will prompt to accept the new certificate.  

 

Host: radius.meraki.com
Issued: DigiCert TLS RSA SHA256 2020 CA1
Expires: 8 February 2023

Trusted Access

Users of a Trusted Access configuration to an SSID will need to re-download their device's Trusted Access configuration from portal.meraki.com on or after the 29 July 2022 rotation date. 

Certificate Details

Below is a copy of the certificate which users will be required to accept, as well as the plaintext output from reading the certificate with openssl:

meraki$ openssl x509 -noout -text -in ./new.meraki-auth-radius.cert
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:1c:da:90:04:bf:09:11:2d:68:d3:fc:36:3c:13:bf
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1
        Validity
            Not Before: Feb  9 00:00:00 2022 GMT
            Not After : Feb  8 23:59:59 2023 GMT
        Subject: C = US, ST = California, L = San Francisco, O = Meraki LLC, CN = radius.meraki.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (4096 bit)
                Modulus:
                    00:c3:f1:7e:d6:79:02:49:8e:7e:31:4b:0b:f2:6e:
                    08:62:13:42:2f:87:05:e4:24:0e:cd:07:61:5e:eb:
                    d6:39:25:33:d1:9a:b6:e9:39:37:ba:d2:77:ae:7d:
                    c9:c9:e3:e6:27:5d:01:6f:12:92:0b:49:cf:be:33:
                    26:8b:ac:c7:bd:61:33:60:b6:92:03:89:58:c6:ad:
                    63:f1:14:77:81:8e:dc:b3:6a:7a:5b:26:d3:32:ac:
                    3d:a3:94:25:22:a4:93:f3:3e:c8:b8:c1:fa:d1:83:
                    88:aa:97:53:db:7c:c8:33:05:32:a1:2d:1e:75:cd:
                    14:2a:31:31:e1:5a:3d:1a:bd:7e:33:df:e7:09:17:
                    c0:5e:1b:a8:16:1d:ef:05:85:9b:48:cc:4e:c6:7b:
                    1d:70:4b:fc:5e:33:d3:9e:14:af:06:0d:5d:4c:de:
                    f4:7c:33:86:65:ce:92:59:1b:36:2d:bf:a3:f5:8e:
                    49:ed:36:45:fd:9c:66:a1:fe:a7:02:c1:41:4d:d8:
                    41:6b:26:78:21:f0:35:d4:91:79:77:d1:60:0f:e6:
                    a2:ea:01:95:11:09:b8:f9:fd:0d:e8:cf:57:2d:e5:
                    02:85:fe:04:3f:dd:1e:27:de:03:19:65:77:64:25:
                    ef:6b:44:49:d3:10:e2:22:61:ef:30:a7:d4:6f:ca:
                    7c:eb:df:b8:9b:91:ff:6c:20:48:52:50:ab:df:fe:
                    d8:8d:5e:dd:b9:e5:36:b8:05:be:cf:32:d2:bd:04:
                    ef:b4:dd:d9:59:a2:6b:cf:d5:2f:27:6c:42:3f:05:
                    b2:ad:97:29:a7:3d:9e:5a:9e:f3:0c:20:73:da:35:
                    22:c0:99:04:f8:17:66:93:ab:67:18:33:3c:8b:12:
                    60:77:e4:e9:98:62:41:ef:59:0e:e5:80:18:19:01:
                    19:30:8f:00:56:f0:ac:de:04:13:d7:64:67:4d:54:
                    a4:71:3e:68:32:fb:be:a0:d1:ea:78:2a:f5:52:68:
                    48:b6:ce:63:70:40:6d:f0:75:5c:d1:ec:ad:4b:60:
                    10:07:3b:8a:89:ee:5b:b6:a5:47:de:ea:0c:46:d3:
                    0e:7e:bf:6c:85:15:6f:f2:08:28:b5:b1:fd:b2:00:
                    9b:3f:1f:21:77:20:f4:ec:bf:9a:ec:7a:60:9d:fd:
                    e6:d7:eb:8b:2a:12:6b:09:27:10:4d:1d:f1:8b:5f:
                    e7:a1:5d:0c:b3:b8:13:4c:2c:68:4b:05:07:a9:be:
                    c9:0c:fd:7a:f6:95:74:ff:a7:d6:ba:70:e4:88:1e:
                    47:d7:3b:ff:9b:d3:0c:40:f0:9e:4a:95:7d:2f:9a:
                    8f:45:0e:ce:72:97:6c:fd:70:a6:c5:0a:64:18:14:
                    51:47:5d