Thanks Sebastian, Moving all the Trusted CA's into one file, as you suggested, fixed my problem. I still only use one server-cert. I have been testing with different sized user-certs signed by CA's of various sizes. That's the reason for the 8 different CA's. It would be the same if I wanted to authenticate user-certs signed by different commercial certificate vendors. Again thanks Larry To trust more than one CA, you simply have to copy all the root-certificates into one file: for example: CA_file = /etc/1x/trustedcas.pem I tested this with 3 CAs, and it works. Do you really need 8 different server-certificates? So, how should the server decide which certificate he must send the client? Sebastian -- Psssst! Schon vom neuen GMX MultiMessenger geh?rt? Der kann`s mit allen: http://www.gmx.net/de/go/multimessenger - This message (including any attachments) contains confidential and/or proprietary information intended only for the addressee. Any unauthorized disclosure, copying, distribution or reliance on the contents of this information is strictly prohibited and may constitute a violation of law. If you are not the intended recipient, please notify the sender immediately by responding to this e-mail, and delete the message from your system. If you have any questions about this e-mail please notify the sender immediately.