[Openswan Users] Certified Validity
Andreas Steffen
andreas.steffen at strongsec.net
Tue Aug 23 21:40:58 CEST 2005
The notBefore date in an X.509 certificate is stored in UTC and
the comparison with the current time is done by *swan in UTC, too.
Therefore a freshly generated certificate can be deployed to any
point in the world and put to use immediately. Of course the computer
clocks must be synchronized by NTP.

In your case I suspect that the timezone information is not set
correctly on one of your boxes, so that the comparison occurs between
a UTC time value and a local time value. See

    man tzset

for details on setting your timezone.

Regards

Andreas

Paul Wouters wrote:
> On Sat, 20 Aug 2005, Mauricio Perez wrote:
>
>> I have a freeswan VPN, and every time I create a certificate it says
>> that's not going to be valid for about 8 hours,
>
>> is there any way to make it valid the very moment I created it?
>
> Are you creating it on a machine that is in a different time zone from
> where the certificate will be deployed? As in 8 hours time difference
> perhaps?
> It's a limitation of X.509.
>
> Of course, this assumes both machines are on NTP and have the proper time.
>
> Paul
=======================================================================
Andreas Steffen e-mail: andreas.steffen at strongsec.com
strongSec GmbH home: http://www.strongsec.com
Alter Zürichweg 20 phone: +41 1 730 80 64
CH-8952 Schlieren (Switzerland) fax: +41 1 730 80 65
==========================================[strong internet security]===
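
Added example, not part of the original messages and not *swan code: a Python sketch of the notBefore comparison described in the reply above, showing how a host whose timezone is not set ends up reporting a fresh certificate as not yet valid. The certificate time, the wall clock reading, the 8-hour offset and the helper names are constructed assumptions, and the way the host derives UTC is a simplified model.

```python
from datetime import datetime, timedelta, timezone

def parse_utctime(s: str) -> datetime:
    """Parse an ASN.1 UTCTime value (YYMMDDHHMMSSZ), the form X.509 uses for notBefore."""
    if len(s) != 13 or not s.endswith("Z") or not (s[:12].isascii() and s[:12].isdigit()):
        raise ValueError("expected YYMMDDHHMMSSZ")
    yy = int(s[0:2])
    year = 1900 + yy if yy >= 50 else 2000 + yy  # RFC 5280 two-digit year rule
    mon, day, hh, mm, ss = (int(s[i:i + 2]) for i in range(2, 12, 2))
    return datetime(year, mon, day, hh, mm, ss, tzinfo=timezone.utc)

def utc_as_seen_by(wall_clock: datetime, configured_offset: timedelta) -> datetime:
    """UTC a host derives from its naive local wall clock and the UTC offset
    its timezone settings supply (simplified model, an assumption)."""
    return (wall_clock - configured_offset).replace(tzinfo=timezone.utc)

def wait_until_valid(not_before: datetime, now_utc: datetime) -> timedelta:
    """Time remaining before the certificate is accepted; zero once valid."""
    return max(not_before - now_utc, timedelta(0))

# Constructed sample values, not taken from the thread.
NOT_BEFORE = parse_utctime("050820120000Z")   # issued 2005-08-20 12:00:00 UTC
WALL_CLOCK = datetime(2005, 8, 20, 4, 0, 0)   # same instant on a clock 8 hours behind UTC

def demo() -> dict:
    """Compare the wait reported with a correct and with a missing timezone."""
    return {
        "timezone set (UTC-8)": wait_until_valid(
            NOT_BEFORE, utc_as_seen_by(WALL_CLOCK, timedelta(hours=-8))),
        "timezone unset (treated as UTC)": wait_until_valid(
            NOT_BEFORE, utc_as_seen_by(WALL_CLOCK, timedelta(0))),
    }

if __name__ == "__main__":
    for label, wait in demo().items():
        print(f"{label}: valid in {wait}")
```
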