newly created client cert triggers error

Updated 1/17/2013 • Originally posted on 16-Jan-2013 by hui 0

Our solution enables users to download a new client certificate from the CA, in real time. Once done they have to wait for a while, e.g. half a minute, before accessing our web application site. Otherwise, F5, which requires mutual SSL, throws an error saying "certificate is not yet valid". My understanding is that the CA & F5 may have a slight clock difference and therefore the newly created client cert is not technically valid yet.

Is there a way to make F5 more lenient on the certificate's "not before" value, so that the minor clock difference won't shut out the client?

Thanks, 


Answers to this Question

4 Answers:

USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Updated 17-Jan-2013 • Originally posted on 17-Jan-2013 by hoolio 2055
Hi Hui,

I'm not sure what options you have for loosening the time check. You might be able to disable it or set the LTM time a bit slow. But the real solution is to make sure both devices are using NTP to sync their clocks. How could a CA not be using NTP??

Aaron
Updated 24-Jan-2013 • Originally posted on 24-Jan-2013 by hui 0

Is there a way to disable the "not before" check on F5? Playing around with the clock doesn't sound attractive as I can't foresee the impact.

Updated 25-Jan-2013 • Originally posted on 25-Jan-2013 by What Lies Beneath 6427
I wouldn't have thought so and there would obviously be security implications too. I'd suggest it would be better to discuss the time issue with your CA.
Updated 01-Feb-2013 • Originally posted on 01-Feb-2013 by Arie 1951

It would be highly unlikely for a CA to not have the correct time. Is the LTM-clock right? I've seen LTMs failing to contact the NTP-server (e.g. LTM mis-configuration, firewall rule).
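
The "not before" comparison discussed in this thread can be reproduced offline to confirm whether clock difference explains the rejection. The following is an added example, not code from any poster or from F5: it takes the output of `openssl x509 -noout -dates` and a verifier clock reading, and reports how long the verifier would still reject the certificate. The sample dates and clock values are constructed, and the lag estimate assumes the CA stamps `notBefore` with its own clock at issuance.

```python
import ssl

# Constructed sample: the two lines `openssl x509 -noout -dates` prints for a client cert.
SAMPLE_DATES = """notBefore=Jan 16 10:00:30 2013 GMT
notAfter=Jan 16 10:00:30 2014 GMT"""

def epoch(cert_time):
    """Convert an OpenSSL-style timestamp ('Jan 16 10:00:30 2013 GMT') to epoch seconds."""
    return ssl.cert_time_to_seconds(cert_time)

def parse_dates(dates_output):
    """Return (not_before, not_after) in epoch seconds from `-dates` output."""
    fields = {}
    for line in dates_output.strip().splitlines():
        key, _, value = line.partition("=")
        if key.strip() in ("notBefore", "notAfter"):
            fields[key.strip()] = epoch(value.strip())
    if set(fields) != {"notBefore", "notAfter"}:
        raise ValueError("expected one notBefore= and one notAfter= line")
    return fields["notBefore"], fields["notAfter"]

def check_validity(dates_output, verifier_clock):
    """Classify the cert the way a verifier does: against its OWN clock (epoch seconds)."""
    not_before, not_after = parse_dates(dates_output)
    if verifier_clock < not_before:
        # For a just-issued cert this gap is a lower bound on how far the
        # verifier's clock trails the CA's (assumes notBefore = CA issue time).
        return {"status": "not_yet_valid", "wait_seconds": not_before - verifier_clock}
    if verifier_clock > not_after:
        return {"status": "expired", "wait_seconds": 0}
    return {"status": "valid", "wait_seconds": 0}

if __name__ == "__main__":
    # Constructed verifier clocks: 25 s behind the CA, then in step with it.
    for label, clock in (("verifier 25 s slow", "Jan 16 10:00:05 2013 GMT"),
                         ("verifier in sync", "Jan 16 10:00:31 2013 GMT")):
        print(label, check_validity(SAMPLE_DATES, epoch(clock)))
```

A non-zero `wait_seconds` on a certificate issued moments ago points at the clock on one of the two devices, which is the NTP check the answers above recommend.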
