Hello,

 

The man 8 racoonctl on freebsd port for ipsec-tools 0.8.0 mentions the subcommand 'get-sa-cert', but in fact it is "get-cert" or the shortcut "gc" in the source code.

Quote:

     get-sa-cert [inet|inet6] src dst
             Output the raw certificate that was used to authenticate the
             phase 1 matching src and dst.

 

        { f_getsacert,  "get-cert" }, 
 

       { f_getsacert,  "gc" }, 

 

--

Regards,
Andrei Manescu