EAP-TLS certificate untrusted

[Etienne Muesse]

>    You need to configure the certificate chains as documented in the mods-available/eap module.
I tried multiple ways but normally I used the documented approach:
- certificate_file contains only the server certificate (no chain)
- ca_path has two files in it, int-ca und root-ca. again, single 
certificates, no chains
- auto_chain is set to yes
>    For now, set
>
>   reject_unknown_intermediate_ca = no
>
It works with "no" but I dont want this setting for production ;)

Best regards,
Etienne