Windows PEAP Certificate woes
So, having spent several days trying to figure out why PEAP certificate validation fails in windows and not a MAC, it turns out that microsoft doesn't like wildcard certs, changing to a regular cert fixed the problem. Though as our certs are from Digicert, we had to install the bridging cert on the RADIUS server and remove the non entrust.net CA's from the server too as documented here