Hi there, Before I open a bug report in Github, I'm hoping that someone else has seen this issue and can advise on a work-around. What I'm trying to do: Use multiple CA certificates for authentication of EAP-TLS supplicants. The CNs in these CA certificates may be identical. What I'm expecting: FreeRADIUS (via SSL library) should use the authorityKeyID in the supplicant's certificate to locate the CA certificate (matching against the subjectKeyID) to validate the supplicant's presented certificate. What I'm observing: FreeRADIUS fails to authenticate client certificates if multiple CA certificates exist with the same CN. The CN appears to be the key which FreeRADIUS uses to locate the CA certificate. More about the test scenario: Attempted with two CA certificates as separate certs in cert_dir. Also tried with both CA certificates in the same file. As long as the CNs are different, authentication happens as desired, with no issues. If the CNs collide, auth fails. When I use OpenSSL to verify the client certs against the CA certs, OpenSSL authenticates the certs correctly even if the names collide. FreeRADIUS appears to be sharing the responsibility of validating the supplicant's certificate with the SSL library, and treating it differently than openSSL does when used independently. -- *Ash Wilson* | Technical Director *e:* ash.wilson@valimail.com This email and all data transmitted with it contains confidential and/or proprietary information intended solely for the use of individual(s) authorized to receive it. If you are not an intended and authorized recipient you are hereby notified of any use, disclosure, copying or distribution of the information included in this transmission is prohibited and may be unlawful. Please immediately notify the sender by replying to this email and then delete it from your system.