That prompt is asking the user whether they want to trust the certificate for that particular connection (SSID). Unless you preconfigure the device using something like QuickConnect or manually, the user will always get that prompt the first time they connect (or when the cert changes) whether the certificate is trusted by a public CA or not.
This is why Microsoft changed the dialog box in Windows 8 to read something along the lines of "If you are expecting to see <SSID> here, click ok."
It's a normal part of EAP-PEAP implementations.