I have been doing pre-shared key based site to site vpn, and decided to move forward to advance vpn technology using digital certificate. I am using Windows 2003 as the Certificate Authority to authenticate users. Pre-shared key is easy to setup and configured but it is not scalable, if you have more than 2 sites that need vpn then you may wish to consider CA as your choice of authentication.
This post records the steps I did to setup a CA.
Pre-requisite for CA using Windows 2003:
1. IIS server.
2. Certificate service.
3. Simple Certificate Enrollment Protocol (SCEP) software which can be downloaded from microsoft.