Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
633
Views
0
Helpful
0
Replies

CSS11503-Certificate"not yet valid" Issue

Brendan O'Flynn
Level 1
Level 1

‎12-17-2009 02:42 AM

Hello Folks,

Has anybody come across or experienced the following issue for code 8.20.3.03 on CSS11503 w/SSL Module?

We recently upgraded from 8.20.2.01 to 8.20.3.03 to get around Bug CSCsm50650 on both test and production CSS (both with same hardware, software and running configuration). All worked as expected but when implementing client authentication on the SSL proxy-list we have found that connections fail with"ssl_error_bad_cert_alert" on the browser and certificate "not yet valid" in sys.log. This is usually because the certificate notBefore date is after the current time. We have checked the times on the certificates and they are OK (within bounds) and the time on the CSS is OK (timezone is UTC +1, beginning last Sunday March 2010). It is also possible to try some time later the same day (worked for > 1 hour and other times) and succeed in connecting to the site with the very same certificate which failed previously. A data trace shows a Level 2 fatal alert with correct certificate Validity times.

This issue never surfaced while running code 8.20.2.01. Thanks for your help.

Brendan

1 person had this problem
Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents