Ensure that the time zone, time, and date has been accurately set with the
show clock commands in privileged exec mode. The clock must
be accurately set before generating RSA key pairs and enrolling with the CA
server because certificates are time-sensitive. On certificates, there is a
valid from and to date and time. When the certificate is validated by the
router, the router determines if its system clock falls within the validity
range. If it does, the certificate is valid. If not, the certificate is deemed
invalid or expired.
To specify the time zone of the router, use the
clock timezone global configuration command. The command
sets the time zone and an offset from Universal Time Code (UTC)
.
The
router can optionally be set to automatically update the calendar and time from
a Network Time Protocol (NTP) server with the ntp series of
commands.
 |
NOTE:
It is recommended that an NTP server is used to set the time on
routers that do not have a clock circuit chip.
|