Hi, > It seems when certificates is added or modified in database, it can't > be read until ipsec is restarted. Certificates are cached for performance reasons. Try "ipsec purgecerts" to flush the certificate cache and reread the certificate during the next authentication. Regards Martin