diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 24fe51195..8d71486fc 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -599,6 +599,8 @@ EOD;
 				case 'xauth_rsa_server':
 					$authentication = "leftauth = pubkey\n\trightauth = pubkey";
 					$authentication .= "\n\trightauth2 = xauth-generic";
+					if (!empty($ph1ent['certref']))
+						$authentication .= "\n\tleftcert={$certpath}/cert-{$ph1ent['ikeid']}.crt";
 					break;
 				case 'xauth_psk_server':
 					$authentication = "leftauth = psk\n\trightauth = psk";
@@ -609,10 +611,14 @@ EOD;
 					break;
 				case 'rsasig':
 					$authentication = "leftauth = pubkey\n\trightauth = pubkey";
+					if (!empty($ph1ent['certref']))
+						$authentication .= "\n\tleftcert={$certpath}/cert-{$ph1ent['ikeid']}.crt";
 					break;
 				case 'hybrid_rsa_server':
 					$authentication = "leftauth = xauth-generic\n\trightauth = pubkey";
 					$authentication .= "\n\trightauth2 = xauth";
+					if (!empty($ph1ent['certref']))
+						$authentication .= "\n\tleftcert={$certpath}/cert-{$ph1ent['ikeid']}.crt";
 					break;
 				}