I suppost wthat I want is to have the Fortigate to use the wifi / SID / Authentication local to use eap-tls and the client and Fortigate to have matching certificates. Possible? Or do I need to have a Radius for that? Sound like a waste to have a Radius for one user.
If you are looking for configure with WAP2 Enterprise with EAP TLS (Certificate) you need to have radius server or Fortiauthenticator. In Fortigate you can configure EAP-PEAP with configuring the local user on Fortigate.