APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

Kerio Control Certificate is not valid yet


2014/12/04

This had me scratching my head. A customer had called about not being able to connect by VPN. It turned out he just needed to roll back his configuration a few days due to some changes he had made, but before that I had made my own connection without a problem and had started to look around a little. Imagine my surprise to see this:

Certificate not valid yet

Not valid yet? What the heck does that mean? I even opened a ticket with Kerio and they sent it to Development to investigate! Turns out the problem was simple - a few days later I had another call from the customer and that caused me to make an entry into the Web Filter Whitelist. After doing that, I went to logs so that I could cut and paste a record of what I'd done. This is what I saw:

[19/Jan/2009 21:01:13] admin - DELETE FROM WebFilterWhiteList
[19/Jan/2009 21:01:13] admin - INSERT INTO WebFilterWhiteList VALUES Server=*easternmarketing*, Description=Eastern Marketing
[19/Jan/2009 21:01:13] admin - INSERT INTO WebFilterWhiteList VALUES Server=*miele.de*, Description=
[19/Jan/2009 21:01:13] admin - INSERT INTO WebFilterWhiteList VALUES Server=dacor.com, Description=
[19/Jan/2009 21:01:13] admin - INSERT INTO WebFilterWhiteList VALUES Server=easternmarketingcorp.com, Description=
[19/Jan/2009 21:01:13] admin - INSERT INTO WebFilterWhiteList VALUES Server=http://faberonline.com/technicalspecs.html, Description=
[19/Jan/2009 21:01:13] admin - INSERT INTO WebFilterWhiteList VALUES Server=http://www.gecustomernet.com, Description=
[19/Jan/2009 21:01:13] admin - INSERT INTO WebFilterWhiteList VALUES Server=jennair.com, Description=
[19/Jan/2009 21:01:13] admin - INSERT INTO WebFilterWhiteList VALUES Server=mcappliance.com, Description=
[19/Jan/2009 21:01:13] admin - INSERT INTO WebFilterWhiteList VALUES Server=vikingrange.com/*, Description=Viking
[19/Jan/2009 21:01:13] admin - INSERT INTO WebFilterWhiteList VALUES Server=wickfordappliance.com, Description=Wickford Appliance
[19/Jan/2009 21:02:23] admin - session closed for host 192.168.2.62
 


Well, that's not right! I went to Configuration -> Advanced Options -> System Configuration and found that it too said that the date was 2009. Oddly, the Keep synchronized with NTP server option was checked also, but that would be far too great an adjustment, so of course it wouldn't fix that.

According to The NTP FAQ:


.. ntpd's reaction will depend on the offset between the local clock and the reference time. For a tiny offset ntpd will adjust the local clock as usual; for small and larger offsets, ntpd will reject the reference time for a while. In the latter case the operation system's clock will continue with the last corrections effective while the new reference time is being rejected. After some time, small offsets (significantly less than a second) will be slewed (adjusted slowly), while larger offsets will cause the clock to be stepped (set anew). Huge offsets are rejected, and ntpd will terminate itself, believing something very strange must have happened.


I changed the date and a few minutes later the "Certificate is not valid yet" message went away. So what happened here? It's possible that the CMOS battery is dead. There's nothing in the logs that shows any problems or manual changes.

The NTP FAQ



Got something to add? Send me email.





(OLDER)    <- More Stuff -> (NEWER)    (NEWEST)   

Printer Friendly Version

-> -> Kerio Control Certificate is not valid yet




Increase ad revenue 50-250% with Ezoic


More Articles by

Find me on Google+

© Anthony Lawrence



Kerio Connect Mailserver

Kerio Samepage

Kerio Control Firewall

Have you tried Searching this site?

Unix/Linux/Mac OS X support by phone, email or on-site: Support Rates

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.

Contact us





The idea that Bill Gates has appeared like a knight in shining armour to lead all customers out of a mire of technological chaos neatly ignores the fact that it was he, by peddling second rate technology, led them into it in the first place, and continues to do so today. (Douglas Adams)

Dead trees and polluting ink. I'll be happy to see them go. (Tony Lawrence)












This post tagged: