Even when authenticating with public keys or certificates, both parties exchange IKE IDs and their corresponding IKE ID types during IKE connection establishment and compare them with the configuration. Configuring the appropriate IKE IDs and their ID types is therefore just as important in this case. See Section 43.4, "IKE IDs" for a more detailed explanation.
When authenticating using a public key or certificate, the IKE IDs to be used must be available when the certificate is created and must be encoded into the certificate. Once the certificate has been created, you can only select from the IDs it contains. You cannot add new IDs or modify existing ones.
The most commonly used type for certificates is ID_DER_ASN1_DN, which corresponds to the owner/subject, or Distinguished Name (DN), of the certificate. All other types, such as ID_FQDN, are specified as a so-called Subject Alternative Name (SAN) when the certificate is created. The value specified in the "" field is also automatically stored as a Subject Alternative Name (SAN).
After creating your own key or importing an external key, you can select the desired ID using the "" option in the "" or "" menus.
Please note that this setting will then apply to all VPN connections that use that certificate.
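Because only IDs already encoded in the certificate can be selected, it helps to list them before configuring a connection. The following is an added example, not part of the product or its documentation: it parses the text printed by `openssl x509 -noout -subject -ext subjectAltName` and reports which planned IKE IDs the certificate can supply. The sample output is constructed, the function names are hypothetical, and the ID type names other than ID_DER_ASN1_DN and ID_FQDN are taken from RFC 7296.

```python
import ipaddress

# SAN prefixes as printed by openssl -> IKEv2 ID types (RFC 7296, section 3.5)
SAN_TO_IKE = {"DNS": "ID_FQDN", "email": "ID_RFC822_ADDR"}

# Constructed sample of `openssl x509 -noout -subject -ext subjectAltName` output
SAMPLE = """subject=C = DE, O = Example Corp, CN = gw1.example.com
X509v3 Subject Alternative Name:
    DNS:gw1.example.com, email:vpn@example.com, IP Address:192.0.2.10
"""

def _norm(id_type, value):
    # Host names compare case-insensitively; all other values are kept as written
    return (id_type, value.lower() if id_type == "ID_FQDN" else value)

def ike_ids_from_cert_text(text):
    """Return the set of (id_type, value) pairs the certificate can supply."""
    ids = set()
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if line.startswith("subject="):
            # The subject DN is what ID_DER_ASN1_DN carries
            ids.add(("ID_DER_ASN1_DN", line[len("subject="):].strip()))
        elif "Subject Alternative Name" in line and i + 1 < len(lines):
            # SAN entries are printed comma-separated on the following line
            for entry in lines[i + 1].split(","):
                kind, _, value = entry.strip().partition(":")
                if kind == "IP Address":
                    version = ipaddress.ip_address(value).version
                    ids.add((f"ID_IPV{version}_ADDR", value))
                elif kind in SAN_TO_IKE:
                    ids.add(_norm(SAN_TO_IKE[kind], value))
    return ids

def check_configured_ids(configured, cert_text):
    """Map each planned (id_type, value) to True if the certificate contains it."""
    available = ike_ids_from_cert_text(cert_text)
    return {cfg: _norm(*cfg) in available for cfg in configured}

if __name__ == "__main__":
    planned = [("ID_FQDN", "gw1.example.com"), ("ID_FQDN", "gw2.example.com")]
    for (id_type, value), ok in check_configured_ids(planned, SAMPLE).items():
        print(f"{id_type:16} {value:20} {'in certificate' if ok else 'NOT in certificate'}")
```

An ID reported as missing cannot be added afterwards; the certificate has to be reissued with that value as subject or SAN.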