Hi Sam,
In general I'd tend to agree that setting the certs to 1970 was a
bad idea; for one thing, none of your logs will match up, so troubleshooting
will become difficult. You may want to consider CRL implications -
currently I don't think Mikrotik implements any CRL checking except for SSL
VPN, but at the rate Mikrotik's developers work that may change in the near
future.
Time-wise, it's basically NTP, unless you want to consider adding a GPS to
all of your nodes. If your devices are in one place then it might make
sense to have one or two Mikrotiks act as an NTP time source for the rest.
If you have a hub and spoke model then perhaps the hub could provide the
time source for the spokes?
Russ
On 3 June 2014 01:02, Sam Russell
Hi all,
I'm playing with Mikrotiks for VPNs, and one of the "features" is that the RB750s we have don't hold time when they reboot. I'm planning to build them with NTP access (so if they can get internet then they can get time), but I'm also tempted to generate certs backdated to 1970 instead.
Is anyone else doing this? How do you get mikrotiks to validate certs if the clock keeps resetting on power off - is relying on NTP the answer?
Cheers Sam
_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog