Hi Anthony, > !!!Selected user cert is CN=TDY Test SCA 4 > 2018 Nov 14 00:35:36+00:00 wglng-17 charon [info] 06[CFG] certificate > \"C=US, O=Teledyne Controls Engineering, OU=Systems Engineering, CN=TDY Test > SCA 4\" key: 2048 bit RSA
That's the server's certificate, selected to verify the authentication. > 2018 Nov 14 00:35:36+00:00 wglng-17 charon [info] 06[TLS] sending TLS peer > certificate \'CN=RA00017.auth, O=Teledyne Controls Engineering, OU=Systems > Engineering, C=US\' > !!! ? why did TLS send SCA 1 cert That certificate is selected based on the identity (whatever it is you configured). If a private key is loaded for this key and identity, why shouldn't it be selected? Did you perhaps use the same key for different identities (or use the same identity for different keys)? Also, how does your configuration actually look like? Regards, Tobias