Hi, the issue is solved--well, sort of. As some expected, it comes down to openssl. As a "server cert", FR is best fed the server cert itself with the intermediate certs appended right after. My misunderstanding was that you would put the intermediates (we have two) into ca_file (which had worked for me for many years and versions). What happened was similar to what you see when you try to read a file with e.g. openssl x509 -in file-with-two-certs-inside -text Only the first one will be processed. So it looks like the openssl call on only consumed the first cert from my ca_file, but still considered the chain complete. Equipped with this chain lacking the 2nd intermediate cert, the server happily presented it to the clients. The EAP message delivering cert+chain was formally complete, the M bit was set _correctly_ in its last packet. Its contents was badly incomplete, though. Thanks a lot to those who helped with this Martin -- Dr. Martin Pauly Phone: +49-6421-28-23527 HRZ Univ. Marburg Fax: +49-6421-28-26994 Hans-Meerwein-Str. E-Mail: pauly@HRZ.Uni-Marburg.DE D-35032 Marburg