you want two-way trust or client trust to server, much like a website? Either
way for the certs use OpenSSL on your box and to get a CA just self sign it
and also place the signed cert.
openssl req -new -x509 -days 365 -nodes -config openssl.cnf -out ipsec.pem -
follow the prompts to make your private key....
Quoting Justin Ellison <justin at techadvise dot com>:
> I have a working (for me) implementation of IPSec certs on m0n0wall.
> Any devs (with knowledge on how to create certs & CA's - m0n0 can't yet)
> have a desire to see if it works?
> Justin Ellison <justin at techadvise dot com>
Pitbull Technologies <http://www.pittech.com/>
Protecting your Digital Assets