Hi, In my setup, I am trying to verify the working of *CRLCheck *option in the tls config block of radsecproxy. I currently have a CACertificateFile statement in the radsecproxy config that is pointing to a ca.pem. I created a CRL using the ca.pem and ca.cnf and issued a SIGHUP to radsecproxy only to find the following error message:- Jan 18 11:31:56 2021: verify error: num=3:unable to get certificate CRL:depth=0:/C=FR/ST=Radius/O=Example Inc./CN= 127.0.0.1/emailAddress=admin(a)example.org Jan 18 11:31:56 2021: tlsconnect: SSL connect to 127.0.0.1 failed: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed Looked like radsecproxy tried to pick up the CRL file but it could not find it where it was expecting it. Hence I removed the CACertificateFile option from the TLS block of the config file and added CACertificatePath option that points to the directory that has the CA and CRL files and now I am getting this error. What am I missing here ? ....Jan 19 08:05:36 2021: tlsconnect: connecting to 127.0.0.1 Jan 19 08:05:36 2021: connecttcphostlist: trying to open TCP connection to 127.0.0.1 port 2083 Jan 19 08:05:36 2021: Connection up Jan 19 08:05:36 2021: connecttcphostlist: TCP connection to 127.0.0.1 port 2083 up Jan 19 08:05:36 2021: verify error: num=19:self signed certificate in certificate chain:depth=1:/C=FR/ST=Radius/L=Somewhere/O=Example Inc./emailAddress=admin(a)example.org/CN=Example Certificate Authority Jan 19 08:05:36 2021: tlsconnect: SSL connect to 127.0.0.1 failed: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed Jan 19 08:05:36 2021: tlsconnect: SSL connect to 127.0.0.1 failed Jan 19 08:05:36 2021: Next connection attempt to 127.0.0.1 in 60s ....Jan 19 08:06:36 2021: tlsconnect: connecting to 127.0.0.1 Thanks Imtiyaz