[SOLVED] Re: mschap configuration problem

[Piviul]

I have solved all my problems.

_Win7_
As supposed by Alan the problem was truly relative to the certificate; 
the "unknown CA" means that the client can't get the CA certificate to 
validate the certificate.
The problem was tied to the way I installed the certificate in win7. 
Right button on the certificate and choose install certificate doesn't 
works correctly even if on the client configuration settings I can find 
the certificate installed.
In win7 to install a certificate you have to use mmc.exe[¹] or command 
line[²] as suggested from L.P.H. van Belle.

No updates to the freeradius eap configuration file are needed relative 
to tls version to use.

_WinXP_
In winXP it is needed to update ssl support. I have installed the 
KB942288 and kb4019276 and update this registry key:
[HKEY_LOCAL_MACHINE\SYSTEM\WPA\PosReady]
"Installed"=dword:00000001
I have installed the CA certificate in winxp using the mmc method[¹]

All works like a charm.

Thank you very much indeed to all

Piviul

[¹] 
https://www.thesslstore.com/knowledgebase/ssl-install/how-to-import-intermediate-root-certificates-using-mmc/
[²] 
https://manuals.gfi.com/en/kerio/connect/content/server-configuration/ssl-certificates/adding-trusted-root-certificates-to-the-server-1605.html