Actually, after tying the above method that is, trying to generate an RSA PRIVATE KEY using the following 3 steps:
- openssl genrsa -out ca.key 1024
- openssl req -new -key ca.key -out ca.csr
- openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
I encountered problems trying to upload to resulting ca.crt into the NETGEAR.
I know that I am missing something there, but while looking for ways to troubleshoot this I discovered that NETGEAR's IKE Policy Configuration includes an option of a Pre-shared Key:
"Pre-shared Key - If this is selected, the key must be entered both here and on the remote VPN Gateway. This method does not require using a CA (Certificate Authority)."
If I can avoid the entire CA headache by using a Pre-shared Key, why not use it? :-)
Alex