We are having this exact same issue. I currently have an open TAC case trying to work through it (been ongoing for a month since I opened the case). But what happens is they IOS 8 device connects to our Public wireless SSID, and then tries to browse the web. They then get redirected to our ClearPass captive portal. They then go through the registration successfully, and get the receipt page successfully. On the receipt page, is a connect button which authenticates them onto the public SSID and allows browsing. After clicking connect, safari goes to an error screen about not creating a secure connection and the url in the browser bar starts with securelogin.arubanetworks.com.
I think it has something to do with how IOS8 is interacting with the redirects between our ClearPass vm and our aruba controller and something in that interaction is causing the error.
I will let you know when we figure it out with TAC.