Hello,
it looks like the IWD is not able to load trusted user certificates.
Basically if the certificate is enclosed in
-----BEGIN TRUSTED CERTIFICATE-----
-----END TRUSTED CERTIFICATE-----
I'm always getting an error "Failed to load". Once the user cert is
converted using OpenSSL and is enclosed in
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
it can be loaded without any problem. But such a converted certificate
is not accepted by the RADIUS in my case.
Below is the network configuration file and related syslog output:

[Security]
EAP-Method=TLS
EAP-Identity=someuser
EAP-TLS-ClientCert=/usr/local/share/ca-certificates/user.crt
EAP-TLS-ClientKey=/usr/local/share/ca-certificates/key.crt
EAP-TLS-CACert=/usr/local/share/ca-certificates/root.crt

Jun 2 01:19:41 somehost systemd[1]: Starting Wireless service...
Jun 2 01:19:41 somehost iwd[767]: No Diffie-Hellman support found, WPS will not be available
Jun 2 01:19:41 somehost iwd[767]: The following options are missing in the kernel:
Jun 2 01:19:41 somehost iwd[767]: #011CONFIG_KEY_DH_OPERATIONS
Jun 2 01:19:41 somehost iwd[767]: Wireless daemon version 1.7
Jun 2 01:19:41 somehost systemd[1]: Started Wireless service.
Jun 2 01:19:41 somehost iwd[767]: netconfig: Network configuration is disabled.
Jun 2 01:19:41 somehost iwd[767]: Wiphy: 0, Name: phy0
Jun 2 01:19:41 somehost iwd[767]: #011Permanent Address: dc:a6:32:49:d4:66
Jun 2 01:19:41 somehost iwd[767]: #011Bands: 2.4 GHz 5 GHz
Jun 2 01:19:41 somehost iwd[767]: #011Ciphers: CCMP TKIP BIP
Jun 2 01:19:41 somehost iwd[767]: #011Supported iftypes: ad-hoc station ap p2p-client p2p-go p2p-device
Jun 2 01:19:41 somehost iwd[767]: Wiphy phy0 will only use the default interface
Jun 2 01:19:41 somehost kernel: [ 169.433109] brcmfmac: brcmf_cfg80211_set_power_mgmt: power save disabled
Jun 2 01:19:41 somehost iwd[767]: Failed to load /usr/local/share/ca-certificates/user.crt
Thanks!
Martin
-- System Information:
Debian Release: bullseye/sid
Architecture: armhf (armv7l)
Kernel: Linux 5.6.14-v7l+ (SMP w/4 CPU cores)
Kernel taint flags: TAINT_CRAP
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8),
LANGUAGE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages iwd depends on:
ii libc6 2.30-8+rpi1
ii libreadline8 8.0-4
iwd recommends no packages.
iwd suggests no packages.
-- no debconf information
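
The following is an added example, not part of the original report and not iwd or OpenSSL code. It shows which bytes a conversion from the TRUSTED CERTIFICATE label to the CERTIFICATE label keeps and which it drops, based on OpenSSL's layout for that format: the certificate's DER encoding followed by OpenSSL's auxiliary trust data. The function names and the sample bytes are constructed for illustration.

```python
import base64
import re

PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def der_element_len(der: bytes) -> int:
    """Total length (header + body) of the first DER SEQUENCE in `der`."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("expected a DER SEQUENCE")
    first = der[1]
    if first < 0x80:                      # short form: one length byte
        hdr, body = 2, first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            raise ValueError("unsupported or truncated DER length")
        hdr, body = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if hdr + body > len(der):
        raise ValueError("truncated DER element")
    return hdr + body

def inspect_pem(text: str):
    """Yield (label, certificate_der, trailing_aux_der) for each PEM block."""
    for label, b64 in PEM_RE.findall(text):
        der = base64.b64decode("".join(b64.split()))
        if label in ("CERTIFICATE", "TRUSTED CERTIFICATE"):
            n = der_element_len(der)      # the certificate is the first element
            yield label, der[:n], der[n:] # anything after it is auxiliary data
        else:
            yield label, der, b""

def to_pem(label: str, der: bytes) -> str:
    """Wrap DER bytes in a PEM block with 64-character base64 lines."""
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

# Constructed sample: placeholder bytes shaped like DER, not a real certificate.
SAMPLE_CERT = b"\x30\x82\x01\x00" + bytes(range(256))
SAMPLE_AUX = b"\x30\x05\x0c\x03abc"
SAMPLE_TRUSTED = to_pem("TRUSTED CERTIFICATE", SAMPLE_CERT + SAMPLE_AUX)

if __name__ == "__main__":
    for label, cert, aux in inspect_pem(SAMPLE_TRUSTED):
        print(f"{label}: certificate {len(cert)} bytes, trailing aux {len(aux)} bytes")
        print(to_pem("CERTIFICATE", cert), end="")
```

Run against a real file by passing its contents to `inspect_pem`; a non-empty third field means the block carries auxiliary data beyond the certificate itself.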