topic ACI Simulator Sandbox Certificate Error in DevNet Sandbox https://community.cisco.com/t5/devnet-sandbox/aci-simulator-sandbox-certificate-error/m-p/3840103#M3533 <P>Hi,</P> <P>The certificate installed on the ACI Simulator Sandbox (<A href="https://sandboxapicdc.cisco.com/" target="_blank">https://sandboxapicdc.cisco.com/</A>) is not the correct one.&nbsp; The certificate presented when browsing to the APIC has no SAN (Subject Alternative Name) configured, and the Common Name is configured as “devnetsbx-netacad-apicem-1.cisco.com”, which is a URL that points to an APIC-EM (i.e. something else entirely).&nbsp; The certificate configured on the Simulator needs to be changed.</P> <P>I would also highlight that the certificate must have the identities (hostname/FQDN etc.) that will be used to connect to it in the SAN field.&nbsp; The use of Common Name in browsers as part of the certificate identity checks has been deprecated for some time now, so failure to specify a SAN will cause browsers to throw cert warnings.&nbsp; See <A href="https://textslashplain.com/2017/03/10/chrome-deprecates-subject-cn-matching/" target="_blank">https://textslashplain.com/2017/03/10/chrome-deprecates-subject-cn-matching/</A></P> <P>Cheers, Lee</P> Tue, 04 Jun 2019 09:49:07 GMT lwainwri 2019-06-04T09:49:07Z ACI Simulator Sandbox Certificate Error https://community.cisco.com/t5/devnet-sandbox/aci-simulator-sandbox-certificate-error/m-p/3840103#M3533 <P>Hi,</P> <P>The certificate installed on the ACI Simulator Sandbox (<A href="https://sandboxapicdc.cisco.com/" target="_blank">https://sandboxapicdc.cisco.com/</A>) is not the correct one.&nbsp; The certificate presented when browsing to the APIC has no SAN (Subject Alternative Name) configured, and the Common Name is configured as “devnetsbx-netacad-apicem-1.cisco.com”, which is a URL that points to an APIC-EM (i.e. something else entirely).&nbsp; The certificate configured on the Simulator needs to be changed.</P> <P>I would also highlight that the certificate must have the identities (hostname/FQDN etc.) that will be used to connect to it in the SAN field.&nbsp; The use of Common Name in browsers as part of the certificate identity checks has been deprecated for some time now, so failure to specify a SAN will cause browsers to throw cert warnings.&nbsp; See <A href="https://textslashplain.com/2017/03/10/chrome-deprecates-subject-cn-matching/" target="_blank">https://textslashplain.com/2017/03/10/chrome-deprecates-subject-cn-matching/</A></P> <P>Cheers, Lee</P> Tue, 04 Jun 2019 09:49:07 GMT https://community.cisco.com/t5/devnet-sandbox/aci-simulator-sandbox-certificate-error/m-p/3840103#M3533 lwainwri 2019-06-04T09:49:07Z