On Mon, Jan 28, 2019 at 2:29 AM Tobias Brunner <tob...@strongswan.org> wrote: > Does Windows require the complete chain for the client > certificate?
If you deliberately delete the CA certificate of the client certificate on Windows, then when you try to connect, you will get an error message in red, "Invalid certificate type." This is an "all-purpose" error message Windows gives when it does not like something about your certificates. If you look in Windows Event Viewer, you will see an error from source RasClient saying, "The error code returned on failure is 13819." Again, this is an "all-purpose" error code for certificates. Derek.
