> It also says: > # If CA_file (below) is not used, then the > # certificate_file below MUST include not > # only the server certificate, but ALSO all > # of the CA certificates used to sign the > # server certificate. > > Please read ALL of the comments in a module you are configuring. > Selectively reading them means that you miss vital information. > > Alan DeKok.
Except that my server cert does contain a CA cert. I'm not 100% sure it's sufficient, because it was issued from an intermediate CA (it needs to be the signer(s) not the issuer, right?), so I went to another CA got a webserver cert in pem format directly from the root. Downloaded the root CA cert in pem format and appended them.... same error: Error reading Trusted root CA list (null) Do we know this mode is working (No CA_File, but certificate file with server cert + ca cert)? In any case, I'd be willing to experiment more. -- [EMAIL PROTECTED] -- http://www.fastmail.fm - And now for something completely differentÂ… - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html