I run this using EAP-TLS from a MikroTik hAPac device as a wireless client with WPA2-Enterprise configured on a UBNT wifi system. It is on 6.44.3; on the hAP, choose station mode, assign the SSID, and the security profile:
# EAP-TLS profile; tls-mode=verify-certificate makes the client check the server certificate
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-eap eap-methods=eap-tls group-key-update=1h management-protection=allowed mode=dynamic-keys name=\
    EAPTLS supplicant-identity=wifi tls-certificate=TIK_f999 tls-mode=verify-certificate
# Attach the profile to the wireless interface
/interface wireless
set [ find default-name=wlan2 ] band=5ghz-a/n/ac basic-rates-a/g=54Mbps channel-width=20/40/80mhz-Ceee country="united states" \
    disabled=no frequency=auto frequency-mode=regulatory-domain ht-basic-mcs="" installation=indoor multicast-helper=disabled \
    security-profile=EAPTLS ssid=SECRETSSID supported-rates-a/g=24Mbps,36Mbps,48Mbps,54Mbps vht-basic-mcs=none vlan-id=28 vlan-mode=\
    use-tag wireless-protocol=802.11 wmm-support=enabled
Don't forget to load a client cert with private key and the server root so TLS can complete. The UBNT system uses FreeRADIUS on the backend as the AAA server for authentication in this case. I haven't tried it, but it looks like you could do PEAP and TTLS as well.
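An added example, not part of the original post: a Python check that reads a RouterOS export and flags EAP security profiles that do not validate the server certificate or that use EAP-TLS without a client certificate. The sample export and the `LAB` profile are constructed, and the defaults used for a missing `tls-mode` (`no-certificates`) and `tls-certificate` (`none`) are assumed from the RouterOS wireless documentation.

```python
import shlex

# Constructed sample export: one profile like the post's, one that skips verification.
SAMPLE_EXPORT = r'''/interface wireless security-profiles
add authentication-types=wpa2-eap eap-methods=eap-tls mode=dynamic-keys name=\
    EAPTLS supplicant-identity=wifi tls-certificate=TIK_f999 tls-mode=verify-certificate
add authentication-types=wpa2-eap eap-methods=eap-tls mode=dynamic-keys name=LAB \
    supplicant-identity=wifi tls-mode=dont-verify-certificate
/interface wireless
set [ find default-name=wlan2 ] security-profile=EAPTLS ssid=SECRETSSID
'''

VERIFYING = {"verify-certificate", "verify-certificate-with-crl"}

def parse_profiles(export_text):
    """Return one dict per 'add' line under /interface wireless security-profiles."""
    joined, buf = [], ""
    for raw in export_text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):          # export wraps long commands with a trailing backslash
            buf += line[:-1]
        else:
            joined.append(buf + line)
            buf = ""
    profiles, menu = [], ""
    for line in joined:
        if line.startswith("/"):         # a menu path applies to the commands that follow it
            menu = line
        elif menu == "/interface wireless security-profiles" and line.startswith("add "):
            tokens = shlex.split(line)[1:]
            profiles.append(dict(t.split("=", 1) for t in tokens if "=" in t))
    return profiles

def audit(profiles):
    """Return (profile name, finding) pairs for EAP profiles with weak TLS settings."""
    findings = []
    for p in profiles:
        if "eap" not in p.get("authentication-types", ""):
            continue
        name, mode = p.get("name", "?"), p.get("tls-mode", "no-certificates")  # assumed default
        if mode not in VERIFYING:
            findings.append((name, f"tls-mode={mode}: server certificate is not validated"))
        if "eap-tls" in p.get("eap-methods", "").split(",") and p.get("tls-certificate", "none") == "none":
            findings.append((name, "eap-tls without tls-certificate: no client certificate set"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(parse_profiles(SAMPLE_EXPORT)):
        print(f"{name}: {finding}")
```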