Hi, sadly the hints you gave me didn't work. First of all I must say I'm a new user of FreeRadius, so I'll try to give a detailed explanation of my problem. In the begining the radius was functioning ok, the authentication was ok, it consulted the LDAP and if the user was right, the user could connect to the Wi-Fi. We had few defined users and for many weeks nobody connected to it. After that we tried to connect again and this error message appeared: Tue Nov 17 11:26:04 2015 : Error: TLS Alert read:fatal:handshake failure Tue Nov 17 11:26:04 2015 : Error: TLS_accept: failed in SSLv3 read client certificate A Tue Nov 17 11:26:04 2015 : Error: rlm_eap: SSL error error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure Tue Nov 17 11:26:04 2015 : Error: SSL: SSL_read failed inside of TLS (-1), TLS session fails. Tue Nov 17 11:26:04 2015 : Auth: Login incorrect (TLS Alert read:fatal:handshake failure): [mguerri] (from client AP_RAU_red_2 port 8 cli CC-AF-78-2B-9F-65) Usuario Rechazado So now the users can't connect, more precisely some devices can't connect. For example some notebooks with Ubuntu 14.04 and newer mobile phones with android. But on the other hand some older movile phones with android can connect to the Wi-Fi, the user is validated. Previously to write to the list I found in the Internet the problem was related to the size of the certification and the solution was to generate cerfication of 2048 size. Because ours were of 1024. I changed it the size to 2048 and after that I did these: openssl req -new -x509 -extensions v3_ca -keyout private/cakey.pem -out cacert.pem openssl req -new -keyout radius.key -out radius.seciu.edu.uy.csr -days 3650 openssl ca -policy policy_anything -out radius.seciu.edu.uy.crt -extensions xpserver_ext -extfile xpextensions -infiles radius.seciu.edu.uy.csr openssl x509 -inform PEM -outform DER -in cacert.pem -out ca.der openssl dhparam -check -text -5 512 -out dh dd if=/dev/urandom of=random count=2 But it didn't function, the message is the same. I did what you told me to do, I passed cacert.pem, radius.key and radius.seciu.edu.uy.crt to the client. But I got the same error message. I don't realize what am I doing wrong... Hope you can help me, thanks in advance Mario