Prerequisites for Using Certificate Authentication
If the Require FQDN option is set in the enrollment configuration (by default it is), the managed hosts must have a fully qualified domain name (FQDN).
The clocks on all the managed hosts must be approximately on the correct time. The issued certificates have a validity period starting one hour in the past and the issued CRLs likewise have a one hour marginal in their thisUpdate timestamps. This means that a clock that is more than an hour late will cause problems when validating a new certificate or using a just issued CRL.
Copyright 2014 SSH Communications Security Corporation This software is protected by international copyright laws. All rights reserved. Contact Information