A certificate will provide encryption for the username and password that are transmitting over the wireless link.
If you only want user authentication, and not machine authentication, you can enable termination on the Aruba controller. It is found in the 802.1X Authentication profile.
This option uses the built-in certificate on the Aruba controller, and still passes the authentication requests to the IAS server. No certificate is required on the IAS server.
You can easily put a self-signed free certificate on the IAS server. Microsoft IIS 6.0 has a toolkit that can be downloaded that includes a tool called self.exe. It works very simply in creating a basic certificate.
http://www.microsoft.com/en-us/download/details.aspx?id=17275
You should be aware that neither of these solutions provide a highly secure enviroment. YOu would want to use a unique generated certificate signed by a Trusted third-party CA for that.
Sorry I am not able to provide a step by step guide to solve your problem.