Zheng, Jiajia wrote: > But as I mentioned that the same CA works fine with EAP-TTLS. Why it goes wrong with EAP-TLS? EAP-TLS requires that the CA be authorized to sign client certificates. See the certificate creation scripts in 2.1.8, they may have fixes for this. Alan DeKok.