So, you should probably create a new certificate with a certified CA or a correct own CA. Install openssl and follow a howto on creating new certificates. Make sure you match Common Name to server.domainname Furthermore change certificate options (like password) in eap.conf. gr, jelle
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0377], Certificate --> verify error:num=20:unable to get local issuer certificate chain-depth=0, error=20 --> User-Name = mike --> BUF-Name = mike --> subject = /C=NL/ST=Netherlands/O=C2C/CN=mike/emailAddress=mike@xxx.xx --> issuer = /C=NL/ST=Netherlands/O=C2C/CN=BDHZ_server/emailAddress=mike@xxx.xx --> verify return:0 rlm_eap_tls: >>> TLS 1.0 Alert [length 0002], fatal unknown_ca TLS Alert write:fatal:unknown CA TLS_accept:error in SSLv3 read client certificate B 6996:error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned:s3_srvr.c:2004: rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.