FireBrick Road Warrior Certificate Authentication: Difference between revisions

Before configuring StrongSwan, you will need to copy your CA certificate (in PEM format, <tt>ca-cert.pem</tt> in this example), and your client certificate (PKCS#12 .pfx format, <tt>client.pfx</tt> in this example) to your phone.

Once copied, open the StrongSwan app, and click "<tt>ADD VPN PROFILE</tt>" at the top right corner of the screen.

* VPN Type: Change this to "<tt>IKEv2 Certificate</tt>"

* User Certificate: Press the "<tt>INSTALL</tt>" button, and using the file browser on your phone, navigate to where you put your certificate, in this example it is "<tt>client.pfx</tt>". You will be prompted for the password you set earlier -when you generated this certificate, enter this password at this point.

* User identity: Change this from "<tt>Default</tt>", to the FQDN of your FireBrick.

*CA certificate: Untick "<tt>Select automatically</tt>", and select "<tt>Select CA certificate</tt>" that will appear below this box when unticked. Once the CA certificates window is open, press the menu button on the top right, and select import certificate. Select your CA certificate here. Once imported, select the "<tt>IMPORTED</tt>" option from the top right of your screen, and select your newly-imported CA certificate.