Hi, > Rightca does not work either. If I use rightca, the authentication seems > to fail always, even though the certificate hierarchy is correct. > Rightca works when I dont use eap-tls. The constraint is correctly enforced.
Do you use the eap-tls plugin or RADIUS? It only works with the former (since 5.3.0), the daemon won't have any information about the certificate chain used during EAP-TLS with the latter. Regards, Tobias
