This can get a bit complex.
1) If the certificate is signed by your internal CA and the client has the internal CA installed (common on AD-joined machines), then you do not have to install the certificate locally. You will however need to either push down network policy through group policy or manually configure clients with your RADIUS server names and select the internal root CA as trusted for the connection profile (SSID).
2) For Windows machines that do not receive the root CA (non-AD joined), they will have to have the internal root CA installed in the local certificate store and configure the wireless supplicant with the RADIUS server names and select the internal root CA as trusted for the connection profile (SSID).
3) Mac OS X devices will prompt the user to trust the certificate (generally requires admin rights). If you manage your Mac OS X devices, the management platform can push down a configuration profile.
4) Mobile device users (smartphones and tablets) will be prompted to access the certificate
5) Chrome OS devices require you to install the internal root CA on the device and select it in the network configuration settings.