Are the machines already joined to the domain and have the certificate installed, or are you trying to connect via wireless to do that?
Probably best to search Windows Single Sign On Wireless and read some of the things on that.
I've had limited success using what I've found, but honestly it's just easier (for us) to hard wire. We push out our certificate and wireless settings via AD and GPOs.
The time it takes to manually create the wireless profile and bypass the certificate check, it's just as easy to hard wire the machine and join the domain. If only tech people are doing the work it's okay, but if end users are doing it, consider that by showing them how to bypass the certificate check, you've basically showed your users how to get on your network without following whatever protocols you have in place. We've had plenty of users that have figured out how to just copy settings from other users and get on the network without the proper patching, anti-virus, etc.