Although there are probably server side settings to resolve this, the quick and reliable fix is to use the iPhone Configuration Utility to build a profile and send it to your phone. It is easy and has worked for everyone at my office that has tried it. The utility is a free download for Windows or Mac and once its installed, you just run it and click on "Configuration Profiles" from the list on the left.
You can fill out the General tab with whatever values you want and leave the Security set to "Always"
Then you can scroll down the list to Credentials and click the + button. It will come up and show you a potentially long list of Certificates. If you can get the name of the CA Certificates your Radius server uses from your Network Admin, you can then choose them from the list and add them one at a time. In my case, the Admins told me they didn't use Certificates (probably not true), so I just picked a Cisco Root Certificate and another intermediate client authentication one. I actually do not think these are really used by my server, but it could be different for you. Another way to find them is to click on Window and then Certificates and that lets you choose according to type, so you can click on "Trusted Root" and sort by issuer and find the Cisco root and then in the top drop down choose Client Authentication and click the Intermediate Certification Authorities tab and find an intermediate client authentication certificate. Again, I'm not sure this is totally required, but you should be able to just add the Cisco root and see what happens.
After that, you just go to the WiFi tab and fill in your network ssid, check "auto join" and "hidden network" and choose security type WPA/WPA2 Enterprise. For Protocols, I chose all of the LEAP, PEAP and EAP options but if you know differently about your network, you might use TLS or TTLS or you could just check them all to be safe, since it allows you to choose any combination.
In the Authentication tab in the WiFi area, just put in your username and password and leave "use per connection password" unchecked.
Then go to the Trust tab and you should see the Certificates you chose and you can check the boxes for them and then click the + under Trusted Server Certificate Names and it will add the value "Trusted Server Common Name" Click "Allow Trust Exceptions under that, and that's it.
You can then choose export and keep the default signing type and it will pop up an explorer window and let you choose the location. Desktop is handy. Once its saved there, just mail it to yourself and open it up in your phone. When you click on the attachment, it will prompt you to install and you are done. It seems to work best the first time if you toggle wifi off and then on again, but after that it should auto reconnect when it times out or you leave and re enter the building. You will need to modify and reload the profile whenever you change your password, but you would have to do that in the phone anyway, so its not much more trouble.
Hope this helps and outside of the Certificate issue, I would be surprised if it didn't.
Good Luck
mheidem