I deployed Wi-Fi cert-based profiles for more than 10 customers during my AirWatch activity, and what I can say is that I had to use a different configuration for each customer.
Usually the issue has to be investigated on the Wi-Fi authenticator (usually a RADIUS solution)...
I can also say that using device-based authentication could be tricky in the mobile world: switching to user-based authentication for this purpose could simplify the delivery of the solutions; using a device-based authentication mechanism could also require interaction on the AD side, as Luke said...