The main problem seems to be the handling of SSL/TLS version handling of iOS11 + SHA-1 certificates + CBA (Cert Based Authentication).
Since iOS10.3, SHA-1 certificates are not supported anymore except they were pushed via an EMM system (Apple Support).
Wait for iOS11.1 (last posts), first beta version is available.
- All certificates with SHA-2
- Deactivate SSL3 or Activate TLS1.x
- Optional: Change the hashfunction for SCEP