HI, continuing with Reveal MAP problem with unknown ca's under eap-tls using default configuration.... private_key_file = ${certdir}/server.pem certificate_file = ${certdir}/server.pem CA_file = ${cadir}/ca.pem freeradius tell me this: rlm_eap_tls: <<< TLS 1.0 Handshake [length 0bdb], Certificate --> verify error:num=24:invalid CA certificate rlm_eap_tls: >>> TLS 1.0 Alert [length 0002], fatal unknown_ca TLS Alert write:fatal:unknown CA well, it isn't a problem: cp server.pem root.pem cat ca.pem >> root.pem then I change CA_file = ${cadir}/root.pem ......and.....eureka!!!! authentication succesfully ....but now there is a problem to check the CRL because root.pem then, something is wrong before making root.pem. ....well, just tell freeradius how to find certificates.... c_rehash /usr/local/etc/raddb/certs also doesn't works I think Reveal had the same problem and I have read about this on mailing list but nothing. Also I've tried to install ca.pem on /etc/ssl/certs using "ln -s". Has somebody encountered problems with this apart from Reveal MAP and me? P.D. route certification into windows isn't a problem, only tell xp_supplicant who is root authority (It was logical)