Hi, I've got a .mobileconfig file set up that will allow a macOS/iOS user to connect to my SSwan VPN server (5.6.1). In it I have a cert payload defined containing both the intermediate and root cert of the server certificate. This all works just fine.
However, our security people are objecting to the fact that I'm installing a root CA on the client device. Server cert has an intermediate cert between it and the root CA.

Server config is:

    conn it-services-ikev2
        left=%any
        leftauth=pubkey
        leftcert=vpn.york.ac.uk.pem
        [email protected]
        leftsendcert=always
        leftsubnet=0.0.0.0/0,::/0
        leftfirewall=yes
        right=%any
        rightauth=eap-radius
        rightsendcert=never
        rightgroups="Cserv"
        eap_identity=%any
        keyexchange=ikev2
        rightsourceip=%itservices
        fragmentation=yes
        auto=add

If I remove the root cert from the mobileconfig, connection fails. Should I be able to connect without the root CA in the payload?

Rgds
Alex
