When setting up WPA you will see the option for either a radius server (Enterprise, and you see this in the corporate environment) or a place to enter a passphrase (Pre Shared Key, PSK).
But when you need a second certificate, you need to install that again on all clients.
Here is a link with further information: Creating Certificate Authorities and self-signed SSL certificates First, about the distinction between key and certificate (regarding "CA key"), there are 3 pieces used when talking about public-key certificates (typically X.509): the public key, the private key and the certificate. You can sign and decrypt with the private key, you can verify (a signature) and encrypt with the public key.
Use the following instructions: Open and add the certificates snap-in.
I'm not clear on the difference between a CA key and a certificate. I then install ss CA into the root keystore on my client and setup my server to use certificate C. The second option seems like a much simpler process. In a company you might set up your own CA and install that CA's certificate in the root keystore of all clients.
Secondly you can change the SSID to what you want, and the channel to 1 or 11.