Mac OS X versions, including Tiger, do not make it particularly straightforward to use X.509 certificates for IPsec or L2TP/IPsec.
Importing your own PKCS#12 certificate (.p12 file) that contains the CA certificate, your personal certificate, and your private key through Keychain Access.app will most likely fail, since such a root CA will not be trusted properly. This shows up as a red warning sign when viewing the personal certificate details, along with the text "This certificate is not in the trusted root database."
This personal certificate will be listed as valid, but it won't be accepted: it is untrusted because the CA is itself untrusted.
The following procedure has been put together with the help of Jacco de Leeuw, and should work in most instances. Your results may be completely different, however, and we welcome any feedback in this regard. Let us hope the next Mac OS X update will address these issues.
Firstly, the Openswan...