On 21 Jun 2002, Mike Hicks wrote: > Yep, it sure does. However, I noticed that it also has > > Jun 21 01:11:40 3po Pluto[8780]: loaded my X.509 cert file > '/etc/x509cert.der' (1039 bytes) > > I know that file is probably old -- would that affect this? How would > I generate a new version of that file? With the 0.9.12 version of the X.509 patch, no need -- just blow it away, and specify the certificate using Xcert=<local_cert> (X being left/right, whichever one you specify as using the defaultroute/local interface). Are you sure that you generated the certificates using the CA cert that's in your /etc/ipsec.d/cacerts directory? If so, it's very weird that you're getting those errors.. -- Nate Carlson <natecars at real-time.com> | Phone : (952)943-8700 http://www.real-time.com | Fax : (952)943-8500