From the debug output it seems that client PC says that the server certificate is issued by an unknown CA but it is installed the same way that the example one. Also, I verified that the server certificate from my custom PKI is correct and has been issued by the custom CA whose certificate is installed in my PC's certificate store. I made sure also I added the correct usage extension for WiFi.
Did you add your ca.pem file from our own PKI to FreeRADIUS and reference this within mods-available\eap? If the server key and certificate are in the same file, you would have set this as follows: private_key_password = something private_key_file = ${certdir}/server.pem certificate_file = ${certdir}/server.pem Then you would set your reference to your ca.pem file: ca_file = ${cadir}/ca.pem The directories referenced above are defined in radiusd.conf: certdir = ${confdir}/certs cadir = ${confdir}/certs Sam