Hi Sriram, > "ipsec listcerts" says that the above (device)cert is not yet valid. > Still tunnel gets established properly.
strongSwan does use seemingly invalid certificates for its own authentication, but won't accept invalid remote certificates. So if the server certificate was also only valid in the future, which is not the case here... > validity: not before Oct 19 11:44:56 2015, ok ...it wouldn't accept it, unless... > systime-fix plugin is included. ...this plugin is configured appropriately (see [1] for details). Regards, Tobias [1] https://wiki.strongswan.org/projects/strongswan/wiki/SystimeFixPlugin _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
