Hi, I need to set up a RADIUS server that accepts certificates which use SHA-256 as signature algorithm (OID sha256WithRSAEncryption). I have set up a FreeRADIUS 2.0.0-pre2 server to see if this would work out of the box. After verifying that EAP-TLS authentication works with SHA-1 certificates I switched to SHA-256 certificate that was created with OpenSSL 0.9.8b, the same that FreeRADIUS was compiled against. Here's a snippet of the log I got from my SHA-256 test: ===== --> verify error:num=7:certificate signature failure rlm_eap_tls: >>> TLS 1.0 Alert [length 0002], fatal decrypt_error TLS Alert write:fatal:decrypt error TLS_accept:error in SSLv3 read client certificate B rlm_eap: SSL error error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message digest algorithm ===== It would seem there's a problem somewhere. It may very well be in the client I'm using. So, I'd like to know if FreeRADIUS supports SHA-256 certificates? If it doesn't, is the support for them planned? thanks in advance, - Hannu