Ideally the certificate used by the RADIUS server should be from a CA that the client trusts. This can stll be a private CA certificate. What I typically do is create a WiFi group policy, and place that trusted private certificate into that so that clients will trust it automatically. If you are using an AD based CA server to issue the certificate then this is done automatically. If the client is not initiating the connection automatically then you need to go look at the group policy. One of the "connect automatically" options has not been selected.
... View more
