[strongSwan] IKEv2 : Tunnel gets established even when local cert startDate is invalid
tobias at strongswan.org
Thu Feb 16 18:54:39 CET 2017
> "ipsec listcerts" says that the above (device)cert is not yet valid.
> Still tunnel gets established properly.
strongSwan does use seemingly invalid certificates for its own
authentication, but won't accept invalid remote certificates. So if the
server certificate was also only valid in the future, which is not the
> validity: not before Oct 19 11:44:56 2015, ok
...it wouldn't accept it, unless...
> systime-fix plugin is included.
...this plugin is configured appropriately (see  for details).
More information about the Users