IKEv2, RHEL 7 VPN Server, WIN 7 VPN Client and Public Keys
I have a project where employees and customers will need to log in remotely to the company network. Most will be using Windows 7/8 systems.
I decided to use VPN/IKEv2. The end users will log in to the company network, which consists of a RHEL 7 Firewall/Authentication Server, a RHEL 7 File Server, and 30 Windows 7 workstations.
The problem I'm having is that my test Windows 7 workstations keep issuing an error code 13806 (Windows cannot find a valid certificate).
However, after reviewing the Windows network trace log, what happens after the ISAKMP "hand-shake" between the RHEL 7 server and the Win7 client is that Windows starts searching its certificate stores for a certificate with the appropriate "private" key. It never finds one. That's because I used certutil to generate a self-signed CA cert.
I then generated a client cert for the Win7 system and a server cert for the RHEL 7 server. Now I exported the client cert and associated CA cert with ONLY the public key.
My understanding about SSL, certificates, and asymmetric keys is that the public key is issued to "The World", i.e. to my Win7 client, while the RHEL 7 server "holds" the private key.
So my question is: MUST I export a certificate to the Win7 system that has a private key? Does IKE actually exchange public & private keys?
Best Regards
Guy
Responses