Hi I'm using freeradius-server-2.0.4 with eap-tls. I have a client cert signed by an intermediate authority B.pem . If I put CA_file = "B.pem" in eap.conf, I have this log: ..... rlm_eap_tls: Done initial handshake rlm_eap_tls: <<< TLS 1.0 Handshake [length 05f2], Certificate --> verify error:num=2:unable to get issuer certificate rlm_eap_tls: >>> TLS 1.0 Alert [length 0002], fatal unknown_ca TLS Alert write:fatal:unknown CA TLS_accept:error in SSLv3 read client certificate B rlm_eap: SSL error error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails. eaptls_process returned 13 rlm_eap: Freeing handler ++[eap] returns reject ..... Looks normal because B.pem is signed by self-signed A.pem I don't know how to put this in eap.conf, TLS section, and also looks like client never sends his certificate.... can anybody help me? I need to use the two certificates because I'm not the signer. Thanks a lot P.D. España 1 Alemania 0 rules