You are right about the VPN of course…another certificate involved that is then not set valid.
My time-travelling of Fulcrum did work because I forwarded the interesting port to another Windows machine, and only changed the time on that machine while the time of the box maintaining the VPN was still OK.
But if I recall correctly, the VPN even stayed active for some time if you connect first, and change the time on the ‘VPN box’ while the VPN is up. After some time (like: minutes, half an hour or so…) it failed and you have to travel back to the present, start the VPN again, then travel back. Yeah, painful I know. But something about the VPN might have changed since I did this…
A completely different solution for Beep specifically would be to use a different exploit and attack vector that does not care about SSL. For the ‘phone-related exploit’ the expired certficate was not an issue.