Problems with CA using PEAP/TTLS

dump at dump at
Tue Oct 11 22:28:11 CEST 2016

Dear list.

I'm using freeradius 2.2.5 on debian for authentication of wireless
access. The problem is that authenticating clients (I'm using PEAP/TTLS)
works only if the CA-certificate is ignored by the client side. When
trying to authenticate the clients using the CA in Network-Manager the
authentication fails. The server certificate of freeradius is correctly
signed and the public CA is selected at the clients (linux using

Is there a possibility to catch the server certificate on the client
side after the transfer to the client. And then checking this server
certificate signature against the locally installed CA-certificate by
hand? For example using tcpdump?

Many thanks in advance

More information about the Freeradius-Users mailing list