Hello, I am trying to setup EAP-TLS and I am getting radius server error "eap_tls: (TLS) OpenSSL says error 20 : unable to get local issuer certificate", "send TLS 1.2 Alert, fatal unknown_ca" Test client is wpa_supplicant 2.1 built on Ubuntu Linux 22.04.2. All tests are done locally on FreeRadius server 3.2.3 (Ubuntu Linux 22.04.2) When I test "client.crt" with "openssl verify ./client.crt" I get "OK". Specifying -CAFile OpenSSL parameter with chained CA cert also produces "OK". All CA certificates (there is also an intermediate certificate) are in /etc/freeradius/certs, /etc/freeradius/certs_eaptls and also /usr/lib/ssl/cert. One certificate per file. FreeRadius's EAP-TLS stanza is cadir = ${certdir}/certs_eaptls private_key_file = ${certdir}/rad.key certificate_file = ${certdir}/rad.crt auto_chain = no Server and client certificates are signed by different commercial CA. All certificates have intermediate CA. eapol_test config file for EAP-TLS is network={ key_mgmt=WPA-EAP eap=TLS identity="blabla@domain.tld" ca_cert="/etc/ssl/certs/chain.crt" client_cert="client.crt" private_key="client.key" private_key_passwd="blabla" } AppArmor disabled. Permissions for all certs are r--r--r-- (at least). OpenSSL rehash done. I have no idea what could be wrong.