The way SSL certs are being signed has changed. In the past, a Root CA signed
SSL certs directly. Now (as of this year), allegedly the industry (at least
SecureTrust/TrustWave) now have a Root CA sign an Intermediate Chain Cert, which
in turn signs all down-stream SSL certs.

What's that mean to you?

Windows machines doing 802.1x try to validate the SSL certificate by default.
For that to happen, they have to know about the chain cert that signed the
server's SSL cert.

Windows OS's don't know about the new chain cert. So you'll have to import it.

You can grab the cert from https://wifireg.defcon.org/ca.php

Download the "wifireg.cer" file - double-click, import it.

From that point, you can "validate" the cert and proceed.

(Your other option is to opt not to validate, and the login process will proceed
as if you used a self-signed cert).

We've been testing this the last couple hours and believe this is currently what
many people are seeing (and what we see in our logs).

Try this - if it doesn't work, let us know and we'll dig into it further.