FYI:  So here is the process that I used to get Dave’s Pixel 6 working with BCNet – but not the require cert validation yet.

So Dave had the typical configuration of PEAP with MSchapv2 and using system cert.  It kept trying to connect, but would not do so.  I tried “Do Not Verify” and the other options including “require verification”.   None of them worked.  I also used the bcnet.beloit.edu as the domain which may be required.  All options kept trying to verify even though that option was not selected.  Even “Do not verify” kept trying to verify.
  So I had him go to https://itweb.beloit.edu/wificert to download the sertigoRootCA.cer file.  One then has to install it as a Trusted Certificate.  Then one can assign it in the BCNet profile as a cert option.   
   Again, I tried every option from “Do not Verify” to “Require verification” and none of them worked.  Same problem.  So I had him revert back to system CA’s which he was originally on.  Then the “Do not Verify” finally worked.  
  
    This is not orthodox.  But it works for those phones.  It seems that the CA settings need to get toggled before they will allow you to use “do not verify” for system CA’s. 
    My long term goal is to get “require verification” to work.  Still working on this with Aruba.  But these steps provide a path.  The only purpose to download the cert from our site is to give us a toggle situation.  I bet it doesn’t matter what cert you download since you won’t be staying with it anyways.  I bet we could use any cert we want.  All we are doing is getting the phone to allow us to toggle.  Then for some reason, the options finally matter.  Otherwise, its like cached permanent on “verify certificate”.