Hi, We're using FreeRadius (3.2.0) and successfully authenticating clients over EAP-TTLS / Radsec. We had one failed authentication yesterday that I am struggling to make sense of. Verbose logging is enabled so I can see all the details. I can see the usual "Creating attributes from server certificate" in the authenticate section, which then goes on to mention a server certificate (TLS-Cert-Common-Name) that I've never heard of, and definitely isn't installed on our FreeRadius server. The server then sends the following back to the client: "send TLS 1.2 Alert, fatal unknown_ca" I've looked at the C source code but I'm unable to see where this could have gotten mixed up, any advice appreciated. This has only happened once out of thousands of successful authentications.