Hi, All, I am a graduate student in University of Massachusetts Amherst. Now I am trying to set up a wireless environment with FreeRadius to realize secured access with EAP-TLS. I've generated the necessary CA files by openssl and done all necessary settings in FreeRadius. For more detailed operations and settings, please refer to the list below. Operations and Settings on openssl and freeradius, 1, installed openssl-0.9.7-stable-SNAP-20060731, which is downloaded from www.openssl.org. 2, completed the necessary settings in openssl, which is locaed in /usr/local/openssl/ssl. 3, installed freeradius-1.1.0, which is download from www.freeradius.org. 4, modified some settings in CA.all, which is located in /usr/src/802/radius/freeradius-1.1.0/scripts, and run it to generated the CA certificates for server, client as well as root. 5, added a NAS entry in clients.conf. 6, added a user entry in users. 7, started the radius server with the command "./radiusd -X" normally. 8, with default settings in radius.conf, star freeradius successfully, and it can accept the authentication-request from Windows XP client and return the authentication-accept message. This authentication request should belong to EAP-MD5, and the radius server could respond it correctly by default-settings. ---- the operations below are for realization of EAP-TLS ---- 9, copied the newly generated certificates files to the place so that the freeradius could find them. In my case, I moved them to /usr/local/radius/etc/raddb/certs as well as its subfolder /demoCA. 10, added a new user entry in users, which includes only the username attribute because it is said that EAP-TLS would automatically identify its password and other attributes from somewhere. 11, modified the default auth type to 'tls' in eap.conf. 12, uncommented all scripts related to EAP-TLS authentication in eap.conf, including modification of path to the certificate files in /usr/local/radius/etc/raddb/certs as well as ./demoCA. 13, tried to start the radius server with the command "./radiusd -X", but the error message below was returned always. **** log from terminal of linux where freeradius is running **** rlm_eap: Loaded and initialized type gtc tls: rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: CA_path = "(null)" tls: pem_file_type = yes tls: private_key_file = "/usr/local/radius/etc/raddb/certs/cert-srv.pem" tls: certificate_file = "/usr/local/radius/etc/raddb/certs/cert-srv.pem" tls: CA_file = "/usr/local/radius/etc/raddb/certs/demoCA/cacert.pem" tls: private_key_password = "whatever" tls: dh_file = "/usr/local/radius/etc/raddb/certs/dh" tls: random_file = "/usr/local/radius/etc/raddb/certs/random" tls: fragment_size = 1024 tls: include_length = yes tls: check_crl = no tls: check_cert_cn = "%{User-Name}" rlm_eap_tls: Loading the certificate file as a chain Segmentation fault **** the end of log **** Now I worried that there is something wrong in the cert-srv.pem. I will appreciate all of you so much if anyone can help me take a look at these certificate files. I attached all of configuration files in the freeradius folder. Please refer to them if needed. Looking forward to your reply. Thanks a lot, Best wishes, Yan