Hi,
If you have deployed your own CA Infrastructure you can deploy the certificates and policies via the Group Policy, also check out this article it defines the process and steps to carry out the configuration for this kind of scenario - nps-manage-cert-requirements. If the Certificate is not configured in the NPS server it will be rejected so external Certificates is not used.
How NPS integrates with the CA Infra - nps-manage-certificates
Process on deploying Radius/WIFI clients - nps-radius-clients-configure
Hope this helps.
JS
==
Please Accept the answer if the information helped you. This will help us and others in the community as well.