I am having an issue very similar to the link below.
I have used the link below to change my validity to 5 years
I have gone into Certificates -> Personal -> Certificates and requested a new cert. I select AD enrollment policy, then domain controller authentication and I get a 5 year cert.
When I go into NPS, select the policy, go to the constraints tab, select PEAP in the authentication methods, and click edit I only have the root CA SSL cert, not the one I requested.
When I try and use this cert to authenticate a iPhone it doesn't work.