Hi, thanks for you reply (extensive to the others), > Just put both CAs in the directory pointed to by CA_path.
Curently my CA_path is where my users certificates are stored. I thought I had to offer a different server certificate to the user. I was able to make it work (PEAP only, not the TLS) by pointing to that certificate via 'certificate_file =' and the public CA chain via 'CA_file ='. Could you give me a hint about you tip, that seems to be easier. I agree 100% about the security concerns on using a public CA. The problem is that we need to make the usage process as simple as possible. Students and teachers are easier to help, but we have seasonal/sporadic users (short curses, seminars), and requiring any intervention has been creating complaints (and is considered annoying). Even a simple root CA installation procedure (for Windows only clients) is considered annoying. So that´s why are considering the public CA - Microsoft could have done things easier for us :) Thanks! Fernando. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html