There are many posts on this topic.
This is a normal part of the EAP-PEAP/EAP-TTLS/EAP-TLS process. It has NOTHING to do with whether the certificate is signed by a public CA. It is asking if you trust this "server" (common name in the cert) to send your credentials to, for the connection to this network (SSID).
Therefore, if you have two SSIDs that use different certs signed by the same CA, you will still receive the prompt the first time you connect to each network.
You will see this the first time you connect, across all platforms unless the device is pre-configured (Profile push, MDM, Group Policy, QuickConnect, Onboard, etc)