hello, I try to configure my freeradius-2.0.3-3.el5 to read our certicate chain with no success :-( . neither CA_file or CA_path directives works as expected in eap.conf . here's my config: /etc/raddb/eap.conf tls { certdir = ${confdir}/certs cadir = ${confdir}/certs/CA private_key_password = secret private_key_file = ${certdir}/radiux-pkiit-2008.key.pass.pem certificate_file = ${certdir}/radiux-pkiit-2008.pem CA_file = ${certdir}/pki-chain.pem #CA_path = ${cadir}/ pki-chain.pem contain the concatenation of our 3 level pki hierarchy ( cat itClass1.crt > pki-chain.pem ; cat itClass2.crt >> pki-chain.pem ; cat itClass3.crt >> pki-chain.pem ) itClass1.crt is self-signed, it signed class2 , then class2 signed class3 CA and finnaly class3 signed radiux-pkiit-2008.pem SSL server . Then, how can I tell freeradius to load that pki-chain.pem ? setting it in CA_file doesn't seem to work, as clients with itClass1.crt loaded cannot negociate TLS handshake with the freeradius server :-( Using the CA_path directive with a certs/CA directory containing the 3 classes certificate in PEM format + a hash on them , generate a segmentation fault on the start of radiusd :-( . is CA_path deprecated ? how should the certificate and hash in that CA_path should be presented ? I heard about C_rehash but cannot find it. Please let me know how to tell radiusd/eap to load my self signed 3 level hierarchy pki . Thanks.