Re: With EAP-TLS which CAs does SBR trust if none are included the Trusted Root Certificates
Odds are that you are not passing the EAP-TLS piece of the authentication. Without seeing the debug logs from the server, I can only guess. In fact, if the ROOT CA is not added via the SBR admin, EAP-TLS will not even initialize. If it is, then there is a chance that you have a ROOT cert that is larger then 2048 bits. The admin has problems with any root cert over 2048.
I suggest opening a case with JTAC to dig deeper into this one.