Thanks,
On the controller I did:
Configuration >> certificates >> CSR >> 2048 >> our ssl domain name >> fill out rest of details.
Be careful not to click 1024 as the SSL request will be rejected (this delayed me 2 days!!).
I then copied this CSR request and submitted to our SSL certificate supplier.
I went to an online domain registrar linked above, bought a certificate using the CSR created on the aruba controller. They sent me an SSL gs_intermediate_ca.crt file and a mydomainname.crt file.
I then uploaded the CSR mydomainname.crt file to the aruba certificates >> uploads page. It uploaded sucessfully.
I then went to configuration >> management >> general >> and changed Captive Portal Certificate >> Server Certificate to my new certificate.
Then I tested it with a guest client device, unfortunatly even though the SSL page shows up correctly, it still thinks its an invalid certificate :( Google chrome reports "it does not have enough information to know the conection is secure". There is still a red box next to the new domain name.
Any other ideas?