Root CA Certificate, Not Yet Valid
So this is going to be short and sweet...
I could not, for the life of me, work out why my self signed RootCA Cert on my Draytek Vigor2760 router was showing as Not Valid Yet despite doing everything the Draytek help guides said.
Anyway, I got to the point where I was frantically googling to find a result, every other cert was showing as status OK.
And as many of you will know if you have ever worked in IT you will know that often the simplest things are the issue and no matter how many ties users tell you that all we do is "Switch it off and on" it does fix a multitude of sins. Guess what it fixed it.
A very important part of certificates is ensuring Date and time of servers, routers, firewalls are set correctly as certs are precise down to seconds for when they are valid from and to so, I being a responsible IT professional, my devices are correctly synced to a good NTP server ( Inquire Time but still my cert was Not Valid Yet.
pool.ntp.org if your interested) I even forced the router to
Long story, still long. A simple restart was the fix. By not restarting the router after the Inquire Time I had, in fact, stopped the cert from being able to validate against the the internal clock.
So there it is, the fix, Reboot.
I could not, for the life of me, work out why my self signed RootCA Cert on my Draytek Vigor2760 router was showing as Not Valid Yet despite doing everything the Draytek help guides said.
Anyway, I got to the point where I was frantically googling to find a result, every other cert was showing as status OK.And as many of you will know if you have ever worked in IT you will know that often the simplest things are the issue and no matter how many ties users tell you that all we do is "Switch it off and on" it does fix a multitude of sins. Guess what it fixed it.
A very important part of certificates is ensuring Date and time of servers, routers, firewalls are set correctly as certs are precise down to seconds for when they are valid from and to so, I being a responsible IT professional, my devices are correctly synced to a good NTP server ( Inquire Time but still my cert was Not Valid Yet.
pool.ntp.org if your interested) I even forced the router to
Long story, still long. A simple restart was the fix. By not restarting the router after the Inquire Time I had, in fact, stopped the cert from being able to validate against the the internal clock.
So there it is, the fix, Reboot.
My time was correct prior to creating the Root CA and I'm sure it had been rebooted since setting up the time, but on checking the time the Root CA was valid from it was about half an hour after I created it. Solution, go and have a cup of coffee.
ReplyDeleteActually just noticed it's tied to the "Automatically Update Interval" for the time. I created a local certificate and that wasn't valid for just under 30 minutes, so I changed the update time frequency to 1 minute, deleted the certificate and created another and that was valid from within 1 minute.
ReplyDeleteThis comment has been removed by the author.
ReplyDeleteSomehow certificates get Valid From set to next day so I have to wait 24 hours...
ReplyDelete