Unable to connect because your certificate is not yet valid. Check that your system time is correct

Question

I don't know what i did wrong. My time is correct, i even updated it from microsoft.

client config:

tls-client
client
dev tun
proto udp
remote xx.xxx.xxx.xxx 80
resolv-retry infinite
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
comp-lzo
verb 3
reneg-sec 0
route-method exe
route-delay 2
ca ca.crt
auth-user-pass

Server config:

local xx.xxx.xxx.xxx
port 80
proto udp
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name
server 10.8.0.0 255.255.0.0
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
comp-lzo
persist-key
persist-tun
#status /etc/openvpn/logs/serverstatus-tcp.log
#log /etc/openvpn/logs/serverlog-tcp.log 
verb 3
float
duplicate-cn
#Limit server to a maximum of n concurrent clients.
max-clients 15
keepalive 20 300

Is the clock set correctly on the client *and* on the server? — Keith Thompson, Aug 07 '11 at 23:41

score 4 · Answer 1 · answered Oct 04 '11 at 04:49

I had this problem too... Check and update (if necessary) the date/time on both client and server. In my case the server clock was NOT correct when the certificate was created. Just correct the clock (date and time) on server, then DELETE old certificates and RE-ISSUE all certificates.

Unable to connect because your certificate is not yet valid. Check that your system time is correct

1 Answers1