When using public key encryption and agressive mode, the initiator has to send its certificate as a PKCS#7 (encrypted) message, CERT payload encoding 1. Does anybody actually support that? Jörn