Hi,
We have an NEAppProxyProvider VPN client deployed, and the VPN server is using a self-signed certificate. We install this self-signed server certificate on devices using MDM. In this case the TLS handshake still fails, saying "Invalid Certificate Chain", so we have a couple of questions here:
1. Should self-signed certs not work with the TLS handshake if installed by MDM?
2. If this fails for self-signed certificates, would the same use case still fail with an enterprise CA (issuing the VPN server cert) deployed by MDM?
Is it recommended to override the TLS chain validation here and set "SecTrustSetAnchorCertificates" in both cases? And how can we read those custom CAs from the keychain in that case? Any suggestions?