nik-mh,
You should be able to export the whitelist by doing:
local-userdb export <filename>
And then you should be able to copy the filename off of the controller using tftp or whatever copy method.
One caveat of doing this is that the RAP whitelist as well as the guest database are just tables in the local-userdb, so if you import this file, the rap whitelist as well as the guest database of the target system will be overwritten with what you exported.
Caveat#2, If you attempt to import this on a different controller than the one that distributed the certificates in the first place, OR if the access point was wiped out, the access points might still have to go through the process to obtain a certificate from the new controller. The whitelist would only indicate what access points are permitted to go through the process..
I am not sure if I enumerated all of the gotchas with this procedure.