Hi, these
err='Server used client certificate' EAP: Status notification: remote certificate verification (param=Server used client certificate)
...having a quick look I see the following: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Basic Constraints: critical CA:FALSE X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Certificate Policies: Policy: 1.3.6.1.4.1.6449.1.2.2.29 Policy: 2.23.140.1.2.2 thats a heck of a lot of x509 extensions for a RADIUS server. why the "TLS Web Client Authentication" entitlement? - as per the other post that could cause issues. the cert shouldnt be valid for digital signatures or such - I wonder if the TCS are at fault here for some of the assertions/additions? we just have X509v3 Extended Key Usage: TLS Web Server Authentication (and a CRLDP (thanks Windows Mobile and Windows 8!) ) alan