Generating keys

To start with, you will need to generate the necessary certificates, keys and a CRL file. The easiest way to do this is to use a frontend like tinyca; any tool that can run a small CA (including plain openssl) will produce the same set of files.

For this example we would need the following files (remember that our systems are called west and east):

The first two files are the certificates of the leaf systems: each one contains that system's public key, signed by the CA. Copy them to /etc/ipsec.d/certs/ on both machines. testca-cert.pem is the CA certificate; it carries the CA's public key and is what each router uses to verify the peer's certificate. This file goes onto both machines into /etc/ipsec.d/cacerts/. crl.pem is the certificate revocation list for the CA, a CA-signed list of certificates that must no longer be accepted. It is normally empty; you would add a certificate to this list in case its private key is stolen or otherwise compromised, and you then have to redistribute the updated CRL to every router that checks it. The key files need only be present on the router they belong to, so west-key.pem would only go to /etc/ipsec.d/private/ on router west. Keep that directory and the key file readable by root alone (mode 0600 for the key).

These private keys are sensitive information: you should NOT put all of them on all machines, as breaking into any one of those machines would then compromise every router at once!
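The whole procedure above as an added, runnable example (not part of the original page, and not how tinyca does it): it uses plain openssl to create the test CA, the west and east certificates and keys, and an empty CRL, then stages the files into two directory trees that mirror /etc/ipsec.d/ for each router. Assumptions that are not from the page: the staging root $WORK (a temporary directory, so nothing is written under the real /etc), the subject names, and the crls/ subdirectory used for crl.pem. The staging function is written so that a router's tree never receives the other router's private key, and a verify function checks that both leaf certificates chain to the CA and that the private key present matches the router's own certificate.

```shell
#!/bin/sh
# Added example: build testca-cert.pem, west/east certificates and keys, and
# an empty crl.pem with openssl, then stage them per router under $WORK
# (constructed here with mktemp; the real target would be /etc/ipsec.d/).
set -e

WORK="${WORK:-$(mktemp -d)}"

gen_pki() {
    ( cd "$WORK"
      # 1. CA key and self-signed CA certificate (testca-cert.pem).
      openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
          -keyout testca-key.pem -out testca-cert.pem \
          -subj "/C=XX/O=Example/CN=testca" 2>/dev/null
      # 2. For each router: private key, CSR, and a CA-signed leaf certificate.
      for h in west east; do
          openssl req -newkey rsa:2048 -nodes \
              -keyout "$h-key.pem" -out "$h.csr" \
              -subj "/C=XX/O=Example/CN=$h" 2>/dev/null
          openssl x509 -req -in "$h.csr" -days 365 \
              -CA testca-cert.pem -CAkey testca-key.pem -CAcreateserial \
              -out "$h-cert.pem" 2>/dev/null
      done
      # 3. Empty CRL. "openssl ca -gencrl" needs a database file and a minimal
      #    config naming the CA key and certificate; no certificate is revoked.
      : > index.txt
      echo 01 > crlnumber
      printf '%s\n' '[ ca ]' 'default_ca = testca' '[ testca ]' \
          'database = index.txt' 'crlnumber = crlnumber' \
          'default_md = sha256' 'default_crl_days = 30' \
          'certificate = testca-cert.pem' 'private_key = testca-key.pem' \
          > crl.cnf
      openssl ca -config crl.cnf -gencrl -out crl.pem 2>/dev/null )
}

# stage_host <router>: copy the public material for both routers, but only
# this router's private key, into $WORK/<router>/etc/ipsec.d/.
stage_host() {
    h="$1"
    d="$WORK/$h/etc/ipsec.d"
    mkdir -p "$d/certs" "$d/cacerts" "$d/crls" "$d/private"
    cp "$WORK/west-cert.pem" "$WORK/east-cert.pem" "$d/certs/"
    cp "$WORK/testca-cert.pem" "$d/cacerts/"
    cp "$WORK/crl.pem" "$d/crls/"          # crls/ location is an assumption
    cp "$WORK/$h-key.pem" "$d/private/"
    chmod 700 "$d/private"
    chmod 600 "$d/private/$h-key.pem"
}

# verify_host <router>: both leaf certs must chain to the CA, exactly one
# private key must be present, and it must match this router's certificate.
verify_host() {
    h="$1"
    d="$WORK/$h/etc/ipsec.d"
    openssl verify -CAfile "$d/cacerts/testca-cert.pem" \
        "$d/certs/west-cert.pem" "$d/certs/east-cert.pem" >/dev/null 2>&1 || return 1
    set -- "$d/private"/*
    [ $# -eq 1 ] || return 1
    [ -f "$d/private/$h-key.pem" ] || return 1
    [ "$(openssl x509 -in "$d/certs/$h-cert.pem" -noout -pubkey)" = \
      "$(openssl pkey -in "$d/private/$h-key.pem" -pubout)" ] || return 1
}

gen_pki
stage_host west
stage_host east
verify_host west
verify_host east
echo "staged router trees under $WORK"
```

To revoke a stolen key later, run openssl ca -config crl.cnf -revoke west-cert.pem followed by openssl ca -config crl.cnf -gencrl -out crl.pem against the same index.txt, and copy the new crl.pem to every router.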