The reason that you see the securelogin.arubanetworks.com certificate instead of your site certificate is that in order to redirect to the captive portal, the controller or AP needs to intercept the secure traffic before it can do the redirect.
If you were to go to http://cranmal.cranburyschool.org (without an s in http), you would probably not see the certificate warning, as intercepting unsecure HTTP traffic can be done.
If you use HTTPS secure traffic in your initial request, you will always see such a warning that indicates that you are not communicating to the webmail server (but to the captive portal redirect).
As HTTPS is designed to prevent interception, such warning cannot be prevented if people go to an HTTPS site before they have authenticated.
And, as stated earlier, that the certificate for securelogin.arubanetworks.com shows expired can be solved by upgrading the Aruba firmware. What that will result in, is that you still see a certificate warning that the site does not match, however the red 'expired' message will disappear.
Herman