Connect the printer over a wired connection.
Access the printers EWS, go to Security/Certificate Management > Certificate Authority Management.
Click New, then Upload CA (Certificate Authority) from Radius Server (must be in .pem format). After upload, you should see the CA appear as noted below.
On EWS, go to "Security / Certificate Management / Device Certificate Management".
Hit New, Fill in the fields. You should see it in the list as shown below.
Click on the link for the name of the new entry that is generated (not the default). For instance in the above picture, it is "wctestagain".
Select "Download Signing Request". This will have to be signed by the Radius Server, usually via a script.
After getting request signed by the Radius Server, go back into the Device Certificate Manager as in step 4, click on Name of entry (i.e. "wctestagain") as before, and choose "Install Signed Certificate".
Go into Wireless setup. Enter the SSID of the AP for the network with the radius server. For security select 802.1x-Radius, fill in other fields.
In Wireless Setup, for 802.1x Certificate, select the name created in step #6 (for instance "wctestagain") from pulldown.
Under wireless setup, for 802.1x entries, select only the authentication mechanism desired.
Device login name should correspond to the login name defined for the radius server, usually in the conf file on the radius server.
Likewise, device login password must correspond to the password defined in the radius server conf file (for example it's not the shared secret entered during cert signing necessarily). Note that some authentication mechanisms do not require a password.
After setup is complete, disconnect wired connection so it will come up wireless. Monitor radius server logs if unable to connect to network.