I'm running an WLAN with a pair of ACS3.3(2) servers and 1200 series APs. I use AES encryption and Peap MS-chap authentication.
Everything was running fine until I renewed the SSL cert for the two servers. After the new cert was installed a large number of clients could not connect. A workaround was to check the option "Allow intermediate certificates" on the client. Some clients don't even have this option and I didn't want to have to reconfigure all the clients (in the 1000s) unless absolutely necessary as most don't have SMS yet. I ended up installing a certificate without an intermediate CA from RapidSSL and it works as before.
I had a TAC case open but this only came to the conclusion that the new certificate was the problem.
Has anyone else got this working or is this unsupported?