Thanks for you answer, unfortunately we're not using active directory or in a position to apply policies to our users computers. The wireless users will just be authenticating to a flat users file, which currently works great except for these certificate problems I have encountered with windows.