Configure CA Support on a Cisco Router
Step 2 – set the router time and date

Ensure that the time zone, time, and date has been accurately set with the show clock commands in privileged exec mode. The clock must be accurately set before generating RSA key pairs and enrolling with the CA server because certificates are time-sensitive. On certificates, there is a valid from and to date and time. When the certificate is validated by the router, the router determines if its system clock falls within the validity range. If it does, the certificate is valid. If not, the certificate is deemed invalid or expired.

To specify the time zone of the router, use the clock timezone global configuration command. The command sets the time zone and an offset from Universal Time Code (UTC) .

The router can optionally be set to automatically update the calendar and time from a Network Time Protocol (NTP) server with the ntp series of commands.

NOTE:

It is recommended that an NTP server is used to set the time on routers that do not have a clock circuit chip.