Quick update - IOS versioning strikes again; my *pple guru who lives bleeding-edge had a 13.2 pre-release in his kit and what struck me strange was that the Mode option in Wifi Security settings was available if using the "Other..." wifi setup option, wherein my test ipad (a 13.1.2 version) it was not. Short story shorter, we did get ios13 working again, but only on 13.2. any prior version newer than 12.3.2 (June?) has the missing EAP-TLS syndrome on our ipads. Unfortunately, looking at my MDM, a lot of my fleet is exactly in that range. Is it OS update season again already? This doesn't make the certificates compatible with *pple's newly released constraints; I'm still interested in available knowledge where it may exist. Thanks, Ted.