In the document below I see that WLC device certificate be installed on the Cisco WLC as part of the overall getting EAP working process. If the device certificate expires - what would be the impact of any configured EAP-TLS? PEAP? It seems like I've read elsewhere that the certificates that mattered for EAP-TLS were on the wireless client and at the RADIUS server.
You can view the device certificate via WLC GUI at Security/IPSec Certs/ID Certs.