I am a grateful user of the dot1x supplicant which came with RouterOS 6.45.1 .
The router can successfully authenticate on wired network with dot1x client and EAP MSCHAPv2 at local radius server.
But I'd like to use PEAP or TTLS to tunnel the authentication request to other radius servers. I copied the certificate of the Root CA of the other radius servers using FTP and imported the certificate. It now shows up as T=Trusted. But the TLS handshake with the other radius server is cancelled by the dot1x supplicant with TLS alert Unknown CA, thus no authentication is possible.
I also tried importing the certificate of the last CA in the chain, which is the issuer of the radius server's certificate. Same result, Unknown CA.
Any hints or ideas?