The client needs to be configured to trust the CA . Your server should be set to serve out its cert AND intermediates (to ensure the full chain is present for the client). To ease client issues use an 802.1X deployment tool. Alan