Just been browsing our FR log files having migrated a server to Ununtu 18.06 from 16.04 and noticed the following error message ERROR: Couldn't get issuer_cert for eapoltest2020@york.ac.uk epoltest2020@york.ac.uk is a test client cert generated using our local pki manually pused to FR via eapol_test. We've been using a version of that to perform health checks for TLS validation for years and I've only just noticed the above message ( running 3.0.22 from git) doesn't matter whether I use pem files or p.12 flles in the wpa_supplicant .conf file still get the message. On the server, in our /etc/freeradius/mods-enabled/eap file I have a ca_file set to a file with a list of all the root/ intermediate CAs that might issue a client certificate. ... again that hasn't changed for a long time. TBH these servers have been fit and forget for a long time, so the error message might have been there for a while. The client successfully auths via an OCSP validation so its not causing any problems ..... other than its there and I feel it shouldn't be, the ca_file specified has an extension of .chain ... but that shouldn't matter should it ? Rgds Alex