I am having problems with the server certificate. If I create a server certificate without the XP Extensions, using eapol_test I can get a validation success, but Windows clients give an 0x80420101 error. If I redo the certificates with the XP Extensions I see the following in the certificate: X509v3 extensions: X509v3 Extended Key Usage: TLS Web Server Authentication X509v3 CRL Distribution Points: Full Name: URI:http://www.example.com/example_ca.crl But eapol_test ends in failure with the following part way through: TLS: Certificate verification failed, error 7 (certificate signature failure) depth 0 for '/C=FR/ST=Radius/O=Example Inc./CN=Example Certificate Authority/emailAddress=admin@example.org' CTRL-EVENT-EAP-TLS-CERT-ERROR reason=0 depth=0 subject='/C=FR/ST=Radius/O=Example Inc./CN=Example Certificate Authority/emailAddress=admin@example.org' err='certificate signature failure' EAP: Status notification: remote certificate verification (param=certificate signature failure) and "radiusd -X gives: (29) eap_tls: Done initial handshake (29) eap_tls: <<< recv TLS 1.2 [length 0002] (29) eap_tls: ERROR: TLS Alert read:fatal:decrypt error (29) eap_tls: ERROR: TLS_accept: Failed in SSLv3 read client certificate A (29) eap_tls: ERROR: Failed in __FUNCTION__ (SSL_read) (29) eap_tls: ERROR: error:1409441B:SSL routines:ssl3_read_bytes:tlsv1 alert decrypt error (29) eap_tls: ERROR: error:140940E5:SSL routines:ssl3_read_bytes:ssl handshake failure (29) eap_tls: ERROR: System call (I/O) error (-1) (29) eap_tls: ERROR: TLS receive handshake failed during operation (29) eap_tls: ERROR: [eaptls process] = fail (29) eap: ERROR: Failed continuing EAP TLS (13) session. EAP sub-module failed (29) eap: Sending EAP Failure (code 4) ID 5 length 4 Do you know what I'm doing wrong? TIA, Nick