WIFI certificate changed, can't create new profile that works

New Contributor III

We have Cisco doing our wifi infrastructure, and everything was fine until recently - we have 2 ACS systems, both had certificates, and the mobileconfig I was providing contained:
network config:
- auto join set
- security type set (WPA/WPA2 Enterprise)
- Protocols set (TTLS and PEAP)
- credentials (username and password for service account) to get the Macs online
- setting for inner authentication (MSCHAPv2)

Entrust root certificate, which is what signed the ACS servers certificates - so that we can ensure that the ACS certificates are trusted.

When the certificate was renewed, on one of the ACS boxes, they had moved to using a new certificate provider (InCommon).

My first thought was to duplicate the original, working mobileconfig and add the second certificate to it, so that it has both and can thus trust either of the ACS - which one you hit is kinda random, and not helpful in any way.

Using that new certificate, I'm not able to connect to the Secure network - it prompts for credentials. I've provided my AD account and the service account, with not change - it just doesn't work. The wifi login process always tells me it can't connect, I might be too far away, and then offers to do diagnostics. I did that and ended up with a large .gz file full of logs I don't really understand.

I've tried creating two mobileconfig's - on for each certificate - and that doesn't do anything either.

I'm trying very hard to get our network team to give me some kind of feedback about why the connection is failing, since that would possibly be super helpful, but so far, it's just silence.

Has anyone else had something like this happen, and if so, how did you fix it? Help?