hi mate with certificates both the peers have a root certificate of the ca and plus each peer has it;s own identity signed by the same ca. so peer1 certificate will have his public key in it and it is signed by the ca server.
the process of signing is that the ca server hashes the entire certificate including the public key of the peer1and then encryptes the hash using the ca;s private key. this encrypted hash is attached to thepeer1;s certificate.
when peer1 receives his identity certificate it decryptes the hash using the ca;s public;s key from the ca;s root certificate.it proves that the hash was encrypted using the ca;s private key.
then peer1 runs a hash on the certificate to check whether it was tampered or not.
similar procedure is done by both the peers.
now peer1 sends his identity certificate to peer2. now peer2 tries to decrypt the encrypted hash on the certificate using the public of the ca;s root certificate. to check whether the certificate is signed by the same ca whom he trust. once he;s done that then he runs a hash on the certificate to check whether it was tampered or not.
ohh in the ike phase1 a nounce is encrypted by peer1;s private key and send along with the certificate.peer1 after doing the above process tries to decrypt the nounce using the publickey of peer1 which he received from peer1. so it proves that public he received from peer1;s certificate actually belongs to peer1 only.
hope this solves ur query.
regards
Sushil