Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

Debug Message: Cert not valid yet



Article ID: KB5159 KB Last Updated: 30 Jul 2020Version: 7.0
Debug Message: Cert not valid yet
  • VPN using Certificates

Symptoms & Errors:
  • Debug Message: Cert not valid yet
  • Traffic not passing through VPN

This is a symptom of the system clock on the Firewall, if the firewall is behind the clock on the CA server.  Make sure the timing of the CA server matches that of the Firewall.  As long as the Firewall's clock is ahead of the CA server, you should not get this message.  

Set up the CA server and the Firewall using NTP (best scenario is if they are in the same time zone).  Make sure the global time is nearly the same, and if possible, make sure the Firewall clock is equal or ahead of the CA clock.  When calculating time, try converting the time to GMT.  For example, in California, the GMT zone is -8.

Modification History:
2020-07-30: Article reviewed for accuracy; no changes required.

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search