Hi, In Free SWAN, when X.509 certificates are used for setting up connections, in case of X.509 certificate getting rejected( say when the issuer CA is not found), the SA is still allowed to get established. Is this a bug or is there a reasoning behind this operation? Does OpenSwan allow the same? Thanks in advance, Regards, Vinod C