The time of the attestation certificate is not valid

bentuinman · May 29, 2018, 8:30am

Hello,

i have installed PI 2.22, set up LDAP on windows (working)
In the config, tokens, U2F, i have put in https://ip.address.of.pi.server
Then i enroll a new token, select U2F, select a user, put in a password.
When the yubikey is blinking, i touch the yubikey and get: The time of the attestation certificate is not valid.
can somebody help me with this?
i have tried multiple yubikeys

greetings,
Ben

cornelinux · May 29, 2018, 6:48pm

Hi Ben,

you can define a policy, if you have a token with a non valid attestation certificate:
https://privacyidea.readthedocs.io/en/latest/policies/enrollment.html#u2f-no-verify-certificate

Kind regards
Cornelius

bentuinman · May 30, 2018, 7:17pm

Hello Cornelius,

I am not familiar with privacyidea yet, so can you tell me where to change this parameter?

Kind regards,
Ben

cornelinux · May 30, 2018, 9:09pm

Hello Ben,
you need to define a policy.
At configuration -> policies you can define a policy in the scop “enrollment”.
(see the German screenshot)

Kind regards
Cornelius

Bildschirmfoto%20vom%202018-05-30%2023-08-38