This is a problem mostly with Firefox. I would argue that their OCSP behavior is broken - it does increase security, but presenting some kind of warning when OCSP fails would be a much better idea than just silently failing and refusing to display the page at all. IE will also do an OCSP check but it will fail more gracefully. I don't have experience with other browsers yet.
I have a few answers for you..
1. In AOS 6.1, there is a feature called "Walled Garden" for captive portal, which basically lets you enter DNS names for firewall rules. This provides a mechanism to deal with these OCSP captive portal certificates. Unfortunately....
2. ...the feature isn't available on APs in split-tunnel mode. It only works on the controller. ArubaOS 6.2 will add the feature to split-tunnel mode as well. That will be available in the first half of 2012.
3. In the meantime, I would highly suggest using a captive portal server certificate that doesn't include the OCSP AIA field. Not every CA populates this field - notably if you purchase the cheapest SSL cert from GeoTrust, there is no OCSP field. There are probably others. From what I have seen, the more expensive SSL certs do use this field, since it increases security and they can charge more for it. The cheap ones often do not.
Hope that helps.
-Jon