Hello. Certificates have limited lifespan. And when certificate will expire, there is a probability that new certificate will not be trusted by clients with old configuration. I am searching the way to smooth it. One of the ideas is to configure freeradius to use two server certificates. They will have different expiration date. So the old clients will be able to use old certificate and the new clients or clients with updated configuration will be able to accept new server certificate. I tried to place two different eap modules one by one like ... eap eap2 ... In hope that this will work like it works with modules with different types (chap -> mschap -> pap). If client does not accept server certificate from the first module, then try to send certificate from the second module. But eap module is not simple and is called multiply times (Challenge response) to setup eap session, thus this approach does not work. And in radius request I don't have any attributes that could help me to narrow request to the specific eap module. So, is it possible to use two or more freeradius server certificates? Or maybe somebody have ideas how to configure eap modules to do it. -- Vladimir