[strongSwan] IKEv2 : Tunnel gets established even when local cert startDate is invalid
Tobias Brunner
tobias at strongswan.org
Thu Feb 16 18:54:39 CET 2017
Hi Sriram,

> "ipsec listcerts" says that the above (device)cert is not yet valid.
> Still tunnel gets established properly.

strongSwan does use seemingly invalid certificates for its own
authentication, but won't accept invalid remote certificates. So if the
server certificate was also only valid in the future, which is not the
case here...

> validity: not before Oct 19 11:44:56 2015, ok

...it wouldn't accept it, unless...

> systime-fix plugin is included.

...this plugin is configured appropriately (see [1] for details).

Regards,
Tobias

[1] https://wiki.strongswan.org/projects/strongswan/wiki/SystimeFixPlugin
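
Added example, not part of the original message: a strongswan.conf fragment for the systime-fix plugin mentioned above, as it might be set on a device that boots without a reliable clock. The threshold year and the interval are illustrative values chosen for this example.

```conf
# strongswan.conf fragment (added example; values are illustrative)
charon {
    plugins {
        systime-fix {
            # The system clock is treated as not yet valid while it reads
            # earlier than this date. During that time certificate
            # lifetimes are not enforced.
            threshold = 2017

            # strptime(3) format used to parse the threshold value.
            threshold_format = %Y

            # Re-check the system clock every 60 seconds
            # (0 disables the periodic check).
            interval = 60

            # Once the clock is valid, re-authenticate SAs whose
            # certificates fail the lifetime check. With "no" those SAs
            # are deleted instead.
            reauth = yes
        }
    }
}
```

While the clock reads earlier than the threshold, remote certificates outside their validity period are accepted too, so the threshold should be as late as the deployment allows, for example the firmware build date.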