When root CA is defined as Trusted, but LDAP users use Subordinate CA, SNX or Mobile VPN access does not work.
Debug of VPND daemon per sk89940 will show:
fwCert_FixChain: Can't find the chains' root CA in my token
http_vpnd_verify_cert: Could not complete the certificate chain till the root CA
"Malformed reply from server" error message presented to iOS/Android Mobile VPN user.
Malformed reply from server
The SNX server does not support Subordinate CA server.