Table of Contents
I recently had to configure Strongswan with Certificate Authentication to a Checkpoint GW and got lost a bit in all the articles I could find about the openssl utility and how to generate a CA, CSRs, sign a certificate and so on.
I will summarize here the steps required for generating the CA/cert so that everything is in a single place.
I give an example with RSA and one with ECDSA.
The changes are minimal.
On the Checkpoint side I only had to import the CA from Strongswan side and configure it under the Public Key auth pertaining to the Network Interoperable Device (representation of 3rd party device Checkpoint wise).