IPsec Certificate Authority
A Certificate Authority is required to be setup if you want to use X.509
(certificated-based) authentication. More detailed information on this topic
may be found in your EnGarde manual.
In a nutshell, the CA acts as a trusted entity who "signs" all of the
certificates. When a user connects (using X.509 authentication) the signature
on their certificate is checked to see if it was signed by this CA. If it was
then access is granted.