You might see that the Dropbox Community team have been busy working on some major updates to the Community itself! So, here is some info on what’s changed, what’s staying the same and what you can expect from the Dropbox Community overall.

Forum Discussion

tim-dev's avatar
tim-dev
Explorer | Level 3
4 years ago

Change of Certification

Hi,

 

We are using Dropbox API to download firmware updates to our devices. I understand that there has been a recent change with the certification of your servers. This change causes our update process to fail as we are not using a different certificate.

 

We have been using DigiCert High Assurance EV Root CA to connect api.dropboxapi.com (162.125.69.19) and https://content.dropboxapi.com/ (162.125.69.14) which has been working just fine. Now we get an error "Used wrong CA to verify the peer." It seems like the certificate on the file server has been changed to DigiCert Global Root CA.

 

This means that we can not update our devices anymore. Can this change be reverted or at least can both certificates be accepted for connection to file server?

 

Best,

  • Greg-DB's avatar
    Greg-DB
    4 years ago

    We've switched content.dropboxapi.com back to using DigiCert High Assurance EV Root CA. Please let us know if you're still seeing any issues.

     

    4mooreben Yes, that's correct, this switch should not be considered permanent. We recommend updating the trust store, to trust both roots if possible. I'll ask the team for some longer term guidance as to a timeline.

  • Greg-DB's avatar
    Greg-DB
    Icon for Dropbox Staff rankDropbox Staff

    Thanks for writing this up. The content.dropboxapi.com servers are now being served with a certificate using DigiCert Global Root CA. I'll ask the team to see if we can switch that back to DigiCert High Assurance EV Root CA (or support both), but I can't guarantee if/when that would be done. I'll follow up here with any updates on that.

     

    Either way, we recommend updating your trust store to include DigiCert Global Root CA if possible.

    • 4mooreben's avatar
      4mooreben
      New member | Level 2

      Hi Greg,

      This issue is impacting many embedded client devices which do not maintain a complete certificate trust store and use Dropbox for distributing firmware updates. Instead of a complete certificate trust store, the client devices must be loaded with select certificates that are needed for verifying certificate chains when establishing secure connections to a server.

       

      Since Dropbox is the only server that is being used for distributing updates in some cases, these devices can't be updated to use the new root CA without first switching the servers back to the old root CA.

       

      We need to start a discussion with Dropbox on how we can resolve this issue for our mutual customers. I think this would be best handled off the forum. Please see my email below to contact me directly.


      Best Regards,

      Ben M

      <email address redacted>

      • Greg-DB's avatar
        Greg-DB
        Icon for Dropbox Staff rankDropbox Staff

        4mooreben Thanks for the additional information! This has been raised with team internally. I'll follow up here once I have any news on this from them.

         

        I've redacted your email address for the sake of privacy, but for reference, you can always open an API ticket privately here if you need.

  • Greg-DB's avatar
    Greg-DB
    Icon for Dropbox Staff rankDropbox Staff

    We are working on switching this back now. I'll follow up here once that's done.

    • 4mooreben's avatar
      4mooreben
      New member | Level 2

      Thanks, Greg. I'll continue to monitor for updates.

      I assume this wouldn't be a permanent change on your side. I think it would be good to review the timeline around how long you can keep it switched back for. We will start communicating to our customers asap to make sure they are aware.

       

      Best,

      Ben M

      • Greg-DB's avatar
        Greg-DB
        Icon for Dropbox Staff rankDropbox Staff

        We've switched content.dropboxapi.com back to using DigiCert High Assurance EV Root CA. Please let us know if you're still seeing any issues.

         

        4mooreben Yes, that's correct, this switch should not be considered permanent. We recommend updating the trust store, to trust both roots if possible. I'll ask the team for some longer term guidance as to a timeline.

About Dropbox API Support & Feedback

Node avatar for Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

5,912 PostsLatest Activity: 9 hours ago
333 Following

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!