We are aware of the issue with the badge emails resending to everyone, we apologise for the inconvenience - learn more here.
Forum Discussion
Change of Certification
Hi,
We are using Dropbox API to download firmware updates to our devices. I understand that there has been a recent change with the certification of your servers. This change causes our update process to fail as we are not using a different certificate.
We have been using DigiCert High Assurance EV Root CA to connect api.dropboxapi.com (162.125.69.19) and https://content.dropboxapi.com/ (162.125.69.14) which has been working just fine. Now we get an error "Used wrong CA to verify the peer." It seems like the certificate on the file server has been changed to DigiCert Global Root CA.
This means that we can not update our devices anymore. Can this change be reverted or at least can both certificates be accepted for connection to file server?
Best,
We've switched content.dropboxapi.com back to using DigiCert High Assurance EV Root CA. Please let us know if you're still seeing any issues.
4mooreben Yes, that's correct, this switch should not be considered permanent. We recommend updating the trust store, to trust both roots if possible. I'll ask the team for some longer term guidance as to a timeline.
- Greg-DB
Dropbox Staff
Thanks for writing this up. The content.dropboxapi.com servers are now being served with a certificate using DigiCert Global Root CA. I'll ask the team to see if we can switch that back to DigiCert High Assurance EV Root CA (or support both), but I can't guarantee if/when that would be done. I'll follow up here with any updates on that.
Either way, we recommend updating your trust store to include DigiCert Global Root CA if possible.
Hi Greg,
This issue is impacting many embedded client devices which do not maintain a complete certificate trust store and use Dropbox for distributing firmware updates. Instead of a complete certificate trust store, the client devices must be loaded with select certificates that are needed for verifying certificate chains when establishing secure connections to a server.
Since Dropbox is the only server that is being used for distributing updates in some cases, these devices can't be updated to use the new root CA without first switching the servers back to the old root CA.
We need to start a discussion with Dropbox on how we can resolve this issue for our mutual customers. I think this would be best handled off the forum. Please see my email below to contact me directly.
Best Regards,Ben M
<email address redacted>
- Greg-DB
4mooreben Thanks for the additional information! This has been raised with team internally. I'll follow up here once I have any news on this from them.
I've redacted your email address for the sake of privacy, but for reference, you can always open an API ticket privately here if you need.
- Greg-DB
We are working on switching this back now. I'll follow up here once that's done.
Thanks, Greg. I'll continue to monitor for updates.
I assume this wouldn't be a permanent change on your side. I think it would be good to review the timeline around how long you can keep it switched back for. We will start communicating to our customers asap to make sure they are aware.
Best,
Ben M
- Greg-DB
We've switched content.dropboxapi.com back to using DigiCert High Assurance EV Root CA. Please let us know if you're still seeing any issues.
4mooreben Yes, that's correct, this switch should not be considered permanent. We recommend updating the trust store, to trust both roots if possible. I'll ask the team for some longer term guidance as to a timeline.
About Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
