how to fix? you need to ensure that the RADIUS server hands out not only ITS cert, but also the intermediates... so just concatenate the intermediates and the RADIUS cert into one single file a send that out (configure that in the eap.conf file) instead. the client will receive the intermediates..which it can link against the known/trusted CA...and the RADIUS cert which is can link to the intermediates.
Thank you for your reply Alan, I have concatenated all the files together in every possible configuration I can think of. Currently what I have is: private_key_file = ${certdir}/lcajra1.key certificate_file = ${certdir}/server.int.root.pem Inside of that Certificate file is: the server certificate, the intermediate certificate and the Trusted root, all that I got from Digicert. When I run radius -X everything works normally and the config file loads those files, and yet I still get "server identity cannot be verified" even though the entire chain is available there. I can verify with openssl verify that my certificate and my chain are OK [root@lcajra1 certs]# openssl verify -CAfile server.int.root.pem -verbose lcajra1_ledcor_net.crt lcajra1_ledcor_net.crt: OK [root@lcajra1 certs]# openssl verify -CAfile server.int.root.pem -verbose server.int.root.pem server.int.root.pem: OK