cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Back again with another edition of 'How we use Dropbox', so find out how Emma uses to-do lists to get it all done here!

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Change of Certification

Change of Certification

tim-dev
Explorer | Level 3

Hi,

 

We are using Dropbox API to download firmware updates to our devices. I understand that there has been a recent change with the certification of your servers. This change causes our update process to fail as we are not using a different certificate.

 

We have been using DigiCert High Assurance EV Root CA to connect api.dropboxapi.com (162.125.69.19) and https://content.dropboxapi.com/ (162.125.69.14) which has been working just fine. Now we get an error "Used wrong CA to verify the peer." It seems like the certificate on the file server has been changed to DigiCert Global Root CA.

 

This means that we can not update our devices anymore. Can this change be reverted or at least can both certificates be accepted for connection to file server?

 

Best,

1 Accepted Solution

Accepted Solutions

Re: Change of Certification

Greg-DB
Dropboxer

We've switched content.dropboxapi.com back to using DigiCert High Assurance EV Root CA. Please let us know if you're still seeing any issues.

 

@4mooreben Yes, that's correct, this switch should not be considered permanent. We recommend updating the trust store, to trust both roots if possible. I'll ask the team for some longer term guidance as to a timeline.

View solution in original post

13 Replies 13

Re: Change of Certification

Greg-DB
Dropboxer

Thanks for writing this up. The content.dropboxapi.com servers are now being served with a certificate using DigiCert Global Root CA. I'll ask the team to see if we can switch that back to DigiCert High Assurance EV Root CA (or support both), but I can't guarantee if/when that would be done. I'll follow up here with any updates on that.

 

Either way, we recommend updating your trust store to include DigiCert Global Root CA if possible.

Re: Change of Certification

4mooreben
New member | Level 2

Hi Greg,

This issue is impacting many embedded client devices which do not maintain a complete certificate trust store and use Dropbox for distributing firmware updates. Instead of a complete certificate trust store, the client devices must be loaded with select certificates that are needed for verifying certificate chains when establishing secure connections to a server.

 

Since Dropbox is the only server that is being used for distributing updates in some cases, these devices can't be updated to use the new root CA without first switching the servers back to the old root CA.

 

We need to start a discussion with Dropbox on how we can resolve this issue for our mutual customers. I think this would be best handled off the forum. Please see my email below to contact me directly.


Best Regards,

Ben M

<email address redacted>

Re: Change of Certification

Greg-DB
Dropboxer

@4mooreben Thanks for the additional information! This has been raised with team internally. I'll follow up here once I have any news on this from them.

 

I've redacted your email address for the sake of privacy, but for reference, you can always open an API ticket privately here if you need.

Re: Change of Certification

4mooreben
New member | Level 2

Perfect. Thank you!

-Ben M

Re: Change of Certification

Greg-DB
Dropboxer

We are working on switching this back now. I'll follow up here once that's done.

Re: Change of Certification

4mooreben
New member | Level 2

Thanks, Greg. I'll continue to monitor for updates.

I assume this wouldn't be a permanent change on your side. I think it would be good to review the timeline around how long you can keep it switched back for. We will start communicating to our customers asap to make sure they are aware.

 

Best,

Ben M

Re: Change of Certification

Greg-DB
Dropboxer

We've switched content.dropboxapi.com back to using DigiCert High Assurance EV Root CA. Please let us know if you're still seeing any issues.

 

@4mooreben Yes, that's correct, this switch should not be considered permanent. We recommend updating the trust store, to trust both roots if possible. I'll ask the team for some longer term guidance as to a timeline.

View solution in original post

Re: Change of Certification

tim-dev
Explorer | Level 3

Thank you very much for your fast response. The update procedure works now. It is important for us to know how long this change will be effective, in order to communicate with our customers for a firmware update. Please let us know as soon as you hear back from the team.

Re: Change of Certification

charlesfish
Explorer | Level 3

I also am interested in how long this change will persist for. We have some boards that use OTA that we plan on using for testing during the next few weeks. They are supposed to go out Monday, but if we have to deal with changing certificates during the next month or two, we will have to push back our release to implement a method to handle that.

 

Thanks in advance,

Charles

Poll
We love to learn from the educators who use Dropbox. Whether you teach kids, teens, adults or a combination of all three, we want to know what apps and integrations you use with Dropbox to help with teaching. Which of the ones below is your favorite, or most used tool?
Who's talking

Top contributors to this post

  • User avatar
    Greg-DB Dropboxer
  • User avatar
    4mooreben New member | Level 2
  • User avatar
    charlesfish Explorer | Level 3
What do Dropbox user levels mean?
Need more support?