cert bootstrap bug? (was Re: definitively, I have a problem with eap-tls)

Sergio sergioyebenes at alumnos.upm.es
Thu Jul 24 23:00:23 CEST 2008


Alan DeKok wrote:
> Sergio wrote:
>   
>> But the debug I posted shows that radius doesn't recognize the issuer of
>> client cert using default certs. If default certs works and I don't need
>> to install server.pem and ca.pem into ssl/certs dir, what I'm forgetting
>> alan?
>>     
>
>   You need to follow the documentation in eap.conf.
>
> 			#  If CA_file (below) is not used, then the
> 			#  certificate_file below MUST include not
> 			#  only the server certificate, but ALSO all
> 			#  of the CA certificates used to sign the
> 			#  server certificate.
> 			certificate_file = ${certdir}/server.pem
>
>   Have you done that?
>
>   Alan DeKok.
>

I've tried several times. First, I need to use CA_file because I'm 
configuring EAP-TLS and radiusd won't parse eap.conf. Then I've tried:
- cat ca.pem >>server.pem doesn't work (I think it's right if I want to 
  use PEAP or similar, based on this paragraph of the EAP documentation)
- CA_file = ${cadir}/ca.pem
  CA_file = ${cadir}/server.pem
  because you permit a list of trusted CAs (although server.pem isn't a 
  CA cert)
- cp server.pem root.pem
  cat ca.pem >>root.pem
  CA_file = ${cadir}/root.pem works, but I think then I can't manage the 
  CRL.

Then:
a) I'm a little stupid (I don't know any other term)
b) I have no idea about the English language (quite probably)
c) a) and b) and bad manners (but trying to be a nice boy)
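For readers following this thread, here is an added example (not from either poster, and not FreeRADIUS's shipped eap.conf) of the two layouts Alan's quoted comment distinguishes, written as an eap.conf `tls` section. The file names under ${certdir} and ${cadir}, the `eap-tls` certificate names and the CRL directory are assumptions for illustration; the option names (certificate_file, CA_file, CA_path, check_crl, private_key_file) are the standard ones in the eap.conf `tls` block.

```conf
eap {
	default_eap_type = tls
	tls {
		private_key_password = whatever
		private_key_file = ${certdir}/server.key

		# Layout A: no CA_file.
		# server.pem must then carry the server certificate FIRST,
		# followed by every CA certificate up to the root, e.g. built with
		#   cat server.crt ca.pem > server.pem
		# Without the CA chain here, radiusd cannot verify the issuer
		# of the client certificate and EAP-TLS fails at the TLS handshake.
		certificate_file = ${certdir}/server.pem

		# Layout B: keep server.pem as just the server certificate and
		# name the trusted CA(s) explicitly. CA_file takes ONE file, which
		# may itself contain several concatenated CA certificates; a
		# second CA_file line does not add a second trust anchor, it
		# replaces the first. Do not list server.pem here: it is not a CA.
		CA_file = ${cadir}/ca.pem

		# CRL checking (the concern raised above about root.pem) works
		# with either layout, but needs a hashed directory rather than
		# a single file: put ca.pem and the CRL (ca.crl.pem) in CA_path
		# and run c_rehash on it so OpenSSL can find them by subject hash.
		CA_path = ${cadir}/crl
		check_crl = yes

		dh_file = ${certdir}/dh
		random_file = ${certdir}/random
		fragment_size = 1024
		include_length = yes
	}
}
```

A quick way to confirm the chain before touching eap.conf is `openssl verify -CAfile ca.pem client.pem` for layout B, or `openssl verify -CAfile server.pem client.pem` for layout A (the concatenated file doubles as a CA bundle there); if that command reports `unable to get local issuer certificate`, radiusd will reject the same client certificate.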



More information about the Freeradius-Users mailing list