Cisco Support Community
Community Member

CSS11503-Certificate"not yet valid" Issue

Hello Folks,

Has anybody come across or experienced the following issue for code on CSS11503 w/SSL Module?

We recently upgraded from to to get around Bug CSCsm50650 on both test and production CSS (both with same hardware, software and running configuration). All worked as expected but when implementing client authentication on the SSL proxy-list we have found that connections fail with"ssl_error_bad_cert_alert" on the browser and certificate "not yet valid" in sys.log. This is usually because the certificate notBefore date is after the current time. We have checked the times on the certificates and they are OK (within bounds) and the time on the CSS is OK (timezone is UTC +1, beginning last Sunday March 2010). It is also possible to try some time later the same day (worked for > 1 hour and other times) and succeed in connecting to the site with the very same certificate which failed previously. A data trace shows a Level 2 fatal alert with correct certificate Validity times.

This issue never surfaced while running code Thanks for your help.


CreatePlease to create content