Thursday, January 8, 2009

Red Hat Network Satellite and older system date

You use an enterprise installation environment like Red Hat Network Satellite: you configure channels and kickstart options and fill the pre and post script sections with custom code. This takes some time, and at the end of a working day you want to see some results.
You fire up a new, empty server and the installation fails.
You are annoyed and look at ks-post.log:
# cat ks-post.log
...
An error has occurred:
The SSL certificate failed verification.
See /var/log/up2date for more information
ERROR: unable to read system id.
ERROR: unable to read system id.
ks-post script start
...
So the secure connection to your Red Hat Network Satellite failed.

Ommm and why?
Maybe you were lazy and forgot to check the new server's date.
If the new server's date is older than the satellite SSL certificate's start date (notBefore), you will get an SSL error. Compare with your Red Hat Network Satellite:
# echo | openssl s_client -connect satellite:443 2>/dev/null | sed -n '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | openssl x509 -noout -startdate
notBefore=Dec 24 12:00:00 2008 GMT
You found the reason and smile.

Right, and how to fix it?
Well, to stay lazy, you need a way to tell this to your slave.
You cannot use the kickstart post script (see ks-post.log above), so you will use the pre script. You know there is ntpdate to correct the new server's date, but the kickstart pre script environment supports only these commands:
http://www.redhat.com/docs/manuals/enterprise/RHEL-5-manual/Installation_Guide-en-US/s1-redhat-config-kickstart-prescript.html
Unfortunately there is no ntpdate, but there are the date and hwclock commands.

Setting a date after the SSL cert start date and syncing it to the hardware clock in the pre script will do the trick:
# need a server date after satellite SSL cert startdate
# date -s 010100002009
# hwclock --systohc
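
An added example, not part of the original post: a helper for an admin host with GNU date that checks a candidate clock value against the certificate's validity window and prints the MMDDhhmmCCYY argument used with date -s above. The function names are hypothetical and the notAfter value is constructed; notBefore is the one shown in the post.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Requires GNU date (-d).

# Convert an openssl-style timestamp ("Dec 24 12:00:00 2008 GMT") to epoch seconds.
to_epoch() {
    date -u -d "$1" +%s
}

# Classify a clock value against a certificate validity window.
# Arguments: clock, notBefore, notAfter. Prints: not-yet-valid | ok | expired
clock_vs_cert() {
    now=$(to_epoch "$1") || return 2
    nb=$(to_epoch "$2") || return 2
    na=$(to_epoch "$3") || return 2
    if [ "$now" -lt "$nb" ]; then
        echo not-yet-valid
    elif [ "$now" -gt "$na" ]; then
        echo expired
    else
        echo ok
    fi
}

# Print the MMDDhhmmCCYY argument for `date -s` in the pre script, but only
# if the candidate time lies inside the validity window; otherwise fail.
pre_date_arg() {
    state=$(clock_vs_cert "$1" "$2" "$3") || return 2
    if [ "$state" != ok ]; then
        echo "refusing: candidate clock is $state" >&2
        return 1
    fi
    date -u -d "$1" +%m%d%H%M%Y
}

NOT_BEFORE="Dec 24 12:00:00 2008 GMT"   # notBefore from the post
NOT_AFTER="Dec 24 12:00:00 2018 GMT"    # constructed sample value

# A server whose clock was reset to 2000 fails verification before the fix.
clock_vs_cert "Jan 1 00:00:00 2000 GMT" "$NOT_BEFORE" "$NOT_AFTER"
# The date used in the pre script above passes and yields the date -s argument.
pre_date_arg "Jan 1 00:00:00 2009 GMT" "$NOT_BEFORE" "$NOT_AFTER"
```

A fixed date leaves the installed system's clock wrong until it is synced, so correct it with NTP once the installed system can do so.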

I'm sure Red Hat will support an ntpdate command in the pre script section in upcoming versions.
In the meantime, have a nice day and keep your slaves running...
