I had actually opened a ticket with Aruba on the issue. Two weeks later they came back with spin up a web server and deploy the cert that way.
I enabled IIS on my workstation and dropped the required cert into the main site folder. With the iOS device, when Via prompted, i put in the URL of the web server with the cert name:
http://<workstation name/IP>\<name of cert>.pfx
Put in the password and it should download the cert and allow the app to continue.
When I'm done, I stop IIS so that I dont have a rogue webserver on the network.
Alot of this has to do with the iOS 12 changes and apps having access to some of the certificate stores.
Hope this helps you out, let me know.