First, choose a secure location to store pki, e.g. "~/.verysecure/strongswan"
PKIDIR=~/.verysecure/strongswanCertificates (and keys) can expire. For the ease of future renewal, each certificate and key is suffixed with today's timestamp.
Each of the three scripts, if run with no arguments, prints its usage and exits.
Currently a $PKIDIR has only one ca.
$CANAME=only used as an identifier./ca-key.sh $PKIDIR canameCA certificates can expire. A symlink, representing currently used certificate and key, points to the most recently created ones with a timestamp.
./server-key.sh $PKIDIR server./client-key.sh $PKIDIR client email