Hi,
Thank you for the answers. I have concatenate the ssl certificate with the intermediate certificates, dos2unix the result, and add some CR. At this point, windows accepts my certificate, but complains that it is not an "anchor" and that My server doesn't support "NPS bla blah blah". I don't see what is the meaning of this.
With OSX, I must accept manually my certficate. It doesn't make sense for me, because all the chain is now valid (since the root CA is in the store.
Thank you anyway. It is a lot better.
It's not good until it works :-) Some OSes are more picky than others when it comes to accepting certificates. There are many more parameters than "the chain is okay". I don*t know if you are working in an eduroam context or not, but our EAP server cert recommendation pages might help in any case. See here: https://confluence.terena.org/display/H2eduroam/How+to+deploy+eduroam+on-sit... And the "is not an NPS server" nonsense is unrelated to the certs, IIRC. Don't recall which option to set/unset in the client from the top of my head though, sorry. Greetings, Stefan Winter