The Problem

I was trying to configure a Strongswan IPSec client on my Android phone to tunnel to StrongsWan/FreesWan on a linux server. It almnost worked but I got an error:

No trusted public RSA key found for XXXX

Where XXX was my X.509 certficate details.

Strange – as my client and server and CA certificates were all self generated and worked with Windows IPSec client talking to the same IPSec server.

The Solution

I searched and found this article

What it was suggesting was that the Android Strongswan client:

that the configured server address/hostname is contained
in the certificate as subjectAltName. 

If that's not the case you have to configure the server 
identity manually in the VPN profile, either to a 
subjectAltName that's actually contained in the certificate 
(if the server finds a config with that identity) 
or to the full subject DN of the server certificate

What does this mean in reality? (NB Thanks to the person who answered the question)

FIrst, get the Certifcate details via

 openssl x509 -noout -in certificate.pem -subject

The result will be something of the form

subject=C = GB, ST = YY, L = XX, O = ABCD Certificates, OU = ABCD CA, CN = ZZZ, emailAddress = info@dumphuc.com

edit this and remove spaces to

C=GB,ST=YY,L=XX,O=ABCD Certificates,OU=ABCDCA,CN=ZZZ,emailAddress=info@dumphuc.com

On the Android phone enter this into the “Server Identity” line of the VPN profile

Configure the other VPN settings in the Android client and, voila, the VPN will work