Home » Cisco » 300-209 » What can cause an "invalid not active" status message?
Refer to the exhibit. The "level_2" digital certificate was installed on a laptop.
What can cause an "invalid not active" status message?
A. On first use, a CA server-supplied passphrase is entered to validate the certificate.
B. A "newly installed" digital certificate does not become active until it is validated by the peer device upon its first usage.
C. The user has not clicked the Verify button within the Cisco VPN Client.
D. The CA server and laptop PC clocks are out of sync.
Correct Answer: D
Explanation/Reference:
Explanation: http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/cert_cfg.html Certificates have a date and time that they become valid and that they expire. When the security appliance enrolls with a CA and gets a certificate, the security appliance checks that the current time is within the valid range for the certificate. If it is outside that range, enrollment fails. Same would apply to communication between ASA and PC