Hi Andi,<br> 1st I am no expert .For your first Q , private_key_password= "your pass" is missing from your eap.conf under tls section may be this is why you have to enter the password manually.<br><br>
This is how my tls section is<br>tls {<br> rsa_key_exchange = no <br> dh_key_exchange = yes <br>
rsa_key_length = 512 <br> dh_key_length = 512 <br>
verify_depth = 0 <br> CA_path = "/etc/raddb/certs" <br>
pem_file_type = yes <br> private_key_file = "/etc/raddb/certs/private.pem" <br>
certificate_file = "/etc/raddb/certs/server.pem" <br> CA_file = "/etc/raddb/certs/ca.pem" <br>
private_key_password = "whatever" <br> dh_file = "/etc/raddb/certs/dh" <br>
random_file = "/etc/raddb/certs/random" <br> fragment_size = 1024 <br>
include_length = yes <br> check_crl = no <br>
cipher_list = "DEFAULT" <br> make_cert_command = "/etc/raddb/certs/bootstrap"<br>
}<br><br>Try the configuration. This is the default one except private_key_file name changed.<br><br>Regards,<br>Prateek<br>