Sometimes failing EAP authentication in Windows 11 and WiFi

Thomas Schachtner Thomas.schachtner at
Thu Nov 11 13:58:43 CET 2021

Thanks for the hint regarding the CA validation (i.e. that the client
does not trust the RADIUS's certificate and not vice-versa).
That helped a lot.
In the meantime, I found out what was missing.

In the WiFi configuration in Windows 11 you have to specify the
fingerprint of the CA used to issue the FreeRADIUS server's

The path in Windows's WiFi configuration XML file is
At this location, you need to specify the fingerprint similar to the following:

<TrustedRootCA>xx xx xx xx xx ... xx </TrustedRootCA>

As soon as this node is there, the WiFi connection is working on my side.
Maybe, this can be helpful for anyone else, too...


More information about the Freeradius-Users mailing list