I'm having an issue telling my server certificate from my client certificate: Issues: Which of these is the client certificate, and which of these is the server cert. in eap.conf private_key_file = ${raddbdir}/certs/cakey.pem certificate_file = ${raddbdir}/certs/cacert.crt CA_file = ${raddbdir}/certs/cacert.pem In /etc/xsupplicant.conf eap-peap { random_file = /dev/urandom root_cert = /etc/raddb/certs/cacert.crt chunk_size = 1398 allow_types = eap_mschapv2 eap-mschapv2 { username = password = } eap_tls { user_key = "/etc/raddb/certs/cacert.crt" user_key_pass = "" root_cert = "/etc/raddb/certs/cacert.crt" root_dir = "/etc/raddb/certs/" chunk_size = 1398 random_file = "/dev/random/" session_resume = yes } Who is the server Private/Public keypair? who is the client server public/private pair?