Hi Bart,
That guide addresses the use case where the WiNG AP/Controller is used as a Radius server and implements EAP-TLS as the authentication method. Of course, that would require you to add certificates to the AP/controllers that are working as Radius server. Usually, you won't use your wireless infrastructure to perform authentication specially in case of EAP-TLS. Not saying its not possible, but its just not done widely.
In your environment, do you have a Radius server or NAC perhaps that could be used to authenticate Domain computers/user using EAP-TLS? it would be more scalable and easier to maintain.
Regards,
Ovais