A network appliance may be a computing device (e.g., a desktop computer, laptop computer, a router, etc.) that communicates with a server via a network. To ensure privacy and security during communication between the network appliance and the server, authentication and verification mechanisms may be used. One such mechanism is known as a public key infrastructure system.
In a public key infrastructure system, a network appliance may send a certificate signing request (CSR) to a certificate authority in order to apply for a signed identity certificate. Before creating a CSR, the network appliance may first generate a key pair (including a public key and a private key), keeping the private key secret. The CSR may contain information identifying the network appliance (e.g., its distinguished name in the case of an X.509 certificate), and the public key generated by the network appliance. If the request is successful (e.g., if the identifying information, credentials and proofs of identity are satisfactory), the certificate authority will send back an identity certificate (also known as a digital certificate, signed certificate, public key certificate, etc.) that has been digitally signed with the private key of the certificate authority. This identity certificate may then be used by the network appliance to authenticate itself to the server and other networked devices that trust the certificate authority.
A network appliance may perform various functions (e.g., monitoring network characteristics, monitoring devices on the network, indexing local network resources, etc.) that depend on the network appliance having an accurate time base. Initial time data may be provided to the network appliance via designated time servers. For systems using secure communication, time servers may only be accessible behind an HTTPS proxy that requires client certificate authentication. The client certificate authentication will not be successful when the time of the network appliance is too far in the past, which may happen if, for example, the hardware clock of the network appliance has failed, the on-board battery that keeps the clock of the network appliance running during shutdown is dead, etc. If the authentication fails, the network appliance will not be able to obtain accurate time data from the time server. As a result, the network appliance will not function properly until an operator intervenes and resets the time on the network appliance.
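The failure mode described above, as an added example that is not part of the original document: a standard-library Python check that compares a clock reading with a certificate's validity window and reports when the clock is earlier than `notBefore`, the condition a failed hardware clock or dead battery produces. The sample certificate, its dates and the function names are constructed for illustration, and the example assumes the handshake fails because a certificate is not yet valid according to the appliance's clock.

```python
import ssl
from datetime import datetime, timedelta, timezone

# Constructed sample in the dict form returned by ssl.SSLSocket.getpeercert();
# the subject and both dates are made up for this example.
SAMPLE_CERT = {
    "subject": ((("commonName", "appliance-01.example"),),),
    "notBefore": "Mar  1 00:00:00 2023 GMT",
    "notAfter": "Mar  1 00:00:00 2025 GMT",
}


def validity_window(cert):
    """Return (not_before, not_after) as timezone-aware UTC datetimes."""
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    return (datetime.fromtimestamp(not_before, timezone.utc),
            datetime.fromtimestamp(not_after, timezone.utc))


def classify_clock(cert, now):
    """Classify the clock reading `now` against the validity window.

    Returns (state, skew), where skew is how far `now` lies outside the
    window (zero when inside it).
    """
    not_before, not_after = validity_window(cert)
    if now < not_before:
        # The certificate cannot be valid yet by this clock: the symptom of
        # a clock that has fallen back to an early default after power loss.
        return "clock-behind", not_before - now
    if now > not_after:
        # Either the certificate really has expired or the clock runs ahead;
        # the window alone cannot tell these two cases apart.
        return "expired-or-clock-ahead", now - not_after
    return "ok", timedelta(0)


if __name__ == "__main__":
    # Constructed clock reading: a hardware clock that restarted at 2000-01-01.
    reset_clock = datetime(2000, 1, 1, tzinfo=timezone.utc)
    state, skew = classify_clock(SAMPLE_CERT, reset_clock)
    print(f"{state}: clock is {skew.days} days outside the validity window")
```
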