Hello, I'm running a WPA2 Enterprise Wifi network powered by Freeradius 3.0.12 on Debian Stretch. Currently, Windows guests need to follow a rather long and error prone process like the one described in [1]. The core of this process, is, if I'm not mistaken, to change a default value in Protected EAP Properties configuration window. This default value that needs to changed is the "Validate server certificate" one: its default value is checked (see point 9 in referenced doc). My understanding of this default value is that, "by default, Windows will validate Server Certicate using a list of Trusted Root Certificate Authorities and if no Server Certificate is received then connection is refused with a somehow misleading "Incorrect password" error message".. My questions are: 1- In this context, is correct to say the Server Certicate Windwos is refering to, is a file somewhere in /etc/freeradius directory ? If positive, how does it look like ? A .pem file ? A .der file ? 2- Is it correct to hope that "if WiFi guests are somehow given such a Server Certificate file before trying to connect, they won't need to change Protected EAP Properties" ? Best regards [1] https://documentation.meraki.com/MR/Encryption_and_Authentication/Enabling_W...