Ruijie Community

Title: The RSR10 router is used to perform digital certificate-based IPsec authentication, but negotiation fails after the router is restarted. [Print this page]

Author: admin Time: 2017-5-4 20:12
Title: The RSR10 router is used to perform digital certificate-based IPsec authentication, but negotiation fails after the router is restarted.
The RSR10 router is used to perform digital certificate-based IPsec authentication, but negotiation fail safter the router is restarted.

Author: admin Time: 2017-5-4 20:13

Because the RSR10 router does not have an embedded clock chip, the router will restore the default time setting after restart. If digital certificate-based IPsec authentication is performed at the same time, the validity of the certificate will fail to be verified. To solve the problem, use any of the following methods:

1. Configure a Network Time Protocol (NTP) server on the RSR10 router so that the system time of the router can be synchronized correctly after the router is restarted.

2. Configure time-check none under the trustpoint of the certificate to disable certificate time check.

crypto pki trustpoint ruijie

time-check none

Welcome to Ruijie Community (https://community.ruijienetworks.com/)