The controller does have a built-in certificate (securelogin.arubanetworks.com) but you should NOT use this for 802.1X for security reasons. You should install your own certificate on the controller through Configuration->Certificate Manager.
If you use the controller's certificate, then anyone else who has an Aruba controller can impersonate your network. All Aruba controllers use the same factory-default certificate.