[Openswan Users] Certified Validity

[Andy]

On Tue, 2005-08-23 at 20:40 +0200, Andreas Steffen wrote:
> Of course the computer
> clocks must be synchronized by NTP.

Indeed. That's a problem - VPN servers probably are almost always using
NTP, but typically their clients are not - often these are dialup or
otherwise intermittently connected systems.
I always create certificates with a start date at least 1 day ago to
compensate for that.