Hotspot 2.0 Profile

Hello. I am trying to setup Hotspot 2.0 (Passpoint r1) in a lab setting. I have a RADIUS server configured to authenticate EAP-TLS, and have successfully created and installed a profile on an iPad that will connect to the SSID providing EAP-TLS...certs, keys and all required settings.

I then created a new profile (starting with the working EAP-TLS profile) that defines Hotspot 2.0 settings (such as NAI realms, RoamingConsortiumOIs, Domain name, etc), the iPad will see the SSID and show it in the SSID list with my DisplayedOperatorName showing nicely. When I try to connect to it, however, I get the message Unable to join the network "HS20DEMO"

I have tried to look at the logs. However, the logs don't make much sense to me. I know I have the SSID configured properly because I have it working on my Android phone via their Hotspot 2.0 profile install methods. I'm not sure what I'm doing wrong.

Is there some other requirement here that I am missing? Do the HS20 profiles need to be signed in order to work properly? That's the only other thing I can think of trying. I reviewed the Configuration Profile Reference documentation many times, but nothing is stands out to me. Any help would be appreciated.

Thanks.

Passpoint Profile:

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>PayloadVersion</key>
    <integer>1</integer>
    <key>PayloadUUID</key>
    <string>723963bd-3eb1-4bd4-a62a-36e6cc2fd22f</string>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadIdentifier</key>
    <string>com.examplewifi.hs20</string>
    <key>PayloadDisplayName</key>
    <string>iOS HS20 test profile</string>
    <key>PayloadDescription</key>
    <string>This is a test Hotspot 2.0 profile providing a key/cert file for EAPTLS/HS20 authentication.</string>
    <key>PayloadContent</key>
    <array>
        <dict>
            <key>PayloadType</key>
            <string>com.apple.wifi.managed</string>
            <key>PayloadUUID</key>
            <string>8110d7fa-67ec-4b22-9bd7-e8961b71b0c2</string>
            <key>PayloadIdentifier</key>
            <string>com.examplewifi.hs20config</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
            <key>PayloadScope</key>
            <string>System</string>
            <key>PayloadDescription</key>
            <string>Example Wifi Hotspot 2.0 Lab</string>
            <key>PayloadDisplayName</key>
            <string>Example Wifi Hotspot 2.0 Lab</string>
            <key>AutoJoin</key>
            <true/>

            <key>DisplayedOperatorName</key>
            <string>Example Wifi Hotspot 2.0 Lab</string>
            <key>DomainName</key>
            <string>examplewifi.com</string>
            <key>ServiceProviderRoamingEnabled</key>
            <true/>

            <key>IsHotspot</key>
            <true/>

            <key>NAIRealmNames</key>
            <array>
                <string>hs20.examplewifi.com</string>
            </array>
            <key>RoamingConsortiumOIs</key>
            <array>
                <string>112233</string>
            </array>
            <key>EncryptionType</key>
            <string>WPA2</string>
            <key>EAPClientConfiguration</key>
            <dict>
                <key>AcceptEAPTypes</key>
                <array>
                    <integer>13</integer>
                </array>
                <key>TLSCertificateIsRequired</key>
                <true/>
                <key>TLSTrustedServerNames</key>
                <array>
                    <string>hs20.examplewifi.com</string>
                    <string>hs20ca.examplewifi.com</string>
                </array>
                <key>PayloadCertificateAnchorUUID</key>
                <array>
                    <string>c0f507e3-2739-42bc-b934-74775405bb2c</string>
                </array>
            </dict>
            <key>PayloadCertificateUUID</key>
            <string>fe4b01ae-e8fe-4d30-a9ee-457bf436fbf9</string>
        </dict>
        <dict>
            <key>PayloadType</key>
            <string>com.apple.security.pkcs12</string>
            <key>PayloadUUID</key>
            <string>fe4b01ae-e8fe-4d30-a9ee-457bf436fbf9</string>
            <key>PayloadIdentifier</key>
            <string>com.examplewifi.p12</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
            <key>PayloadDescription</key>
            <string>This is the private key and certificate.</string>
            <key>PayloadDisplayName</key>
            <string>Private Key and Certificate</string>
            <key>Password</key>
            <string>password</string>
            <key>PayloadContent</key>
            <data>MIIQOQIBAzCCD/8GCSqGSIb3DQEHAaCCD/AEgg/sMIIP6DCCBh8G
CSqGSIb3DQEHBqCCBhAwggYMAgEAMIIGBQYJKoZIhvcNAQcBMBwG
...
NZMXmMIrkMvkBAhwM09ez52g6gICCAA=
</data>
        </dict>

        <dict>
          <key>PayloadDisplayName</key>
          <string>CA certificate</string>
          <key>PayloadIdentifier</key>
          <string>CA certificate.cert</string>
          <key>PayloadUUID</key>
          <string>c0f507e3-2739-42bc-b934-74775405bb2c</string>
          <key>PayloadType</key>
          <string>com.apple.security.pem</string>
          <key>PayloadVersion</key>
          <integer>1</integer>
          <key>PayloadCertificateFileName</key>
          <string>ca.pem</string>
          <key>PayloadContent</key>
          <data>MIIGZDCCBEygAwIBAgIJAPIkHYkIhVMLMA0GCSqGSIb3DQEBCwUA
MGoxCzAJBgNVBAYTAlVTMQ0wCwYDVQQIDARPaGlvMQwwCgYDVQQH
...
Kpg=
</data>    
        </dict>

    </array>
</dict>
</plist>

Relevant iOS Logs (these logs are a capture with SSID=HS20DEMO):

I figured it out. I tried a different vendor's access point and it connected just fine via Passpoint to that access point. I did more research and found a firmware update for the original access point. The firmware update fixed the issue! I was then able to login via Passpoint (HS2.0) with the original access point.

Hotspot 2.0 Profile
 
 
Q