Hi, > Is > righhtca2 supposed to work with eap-tls and eap-identity connections? rightca2 is for a second authentication round. Which is not what happens with EAP-TLS (unless you actually use it in a second round after e.g. a regular pubkey authentication). So maybe try rightca instead. Regards, Tobias