Hello, I have had the same issue, and it is one that arises when you replace the default captive portal certificate on the Aruba controller (securelogin.arubanetworks.com).
The first step is to change the URL in the IP address field on the NAS vendor setting page of the self-registration configuration.
Don't use the controller IP address here; you have to use the same URL as the certificate CN has.
If the certificate is issued to captiveportal.contoso.com, you write captiveportal.contoso.com as IP address in this field (default value is securelogin.arubanetworks.com).
Don't worry about a DNS entry for this URL, DNS doctoring magic will sort it out.
Once this is done, some computers and browsers should work fine.
Others might be a bit more tricky, for instance the Mac/Safari combo. They want to visit various URLs from the certificate chain of your new captive portal certificate, more specifically the CRL and OCSP URLs. You have to give guest users access to these destinations prior to authentication through the captive portal.
There are a few options to do this. The way I have done it is that I created a destination list on the Aruba controller and added this to the whitelist section of the captive portal profile on the controller.
You can use URLs as destinations, as long as you have a DNS server configured on the controller (syntax "ip name-server 8.8.8.8", requires restart of controller), and then it will be up to date if they decide to change the IP of some of these URLs.
I don't have access to screenshots at the moment, but hopefully this info is useful.
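
As an added example that is not part of the original post: one way to work out which CRL and OCSP destinations the whitelist needs is to parse the output of `openssl x509 -noout -text` for each certificate in the chain. The sample text, the `example-ca.test` hostnames and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed excerpt of `openssl x509 -noout -text` output (leaf, then intermediate).
SAMPLE_TEXT = """\
        Subject: CN = captiveportal.contoso.com
            X509v3 Certificate Policies:
                Policy: 2.23.140.1.2.1
                  CPS: http://cps.example-ca.test/
            X509v3 CRL Distribution Points:
                Full Name:
                  URI:http://crl.example-ca.test/issuing.crl
                  URI:ldap:///CN=Example%20Issuing%20CA,CN=CDP
            Authority Information Access:
                OCSP - URI:http://ocsp.example-ca.test
                CA Issuers - URI:http://certs.example-ca.test/issuing.crt
    Signature Algorithm: sha256WithRSAEncryption
        Subject: CN = Example Issuing CA
            X509v3 CRL Distribution Points:
                Full Name:
                  URI:http://crl.example-ca.test:8080/root.crl
"""

URI_RE = re.compile(r"URI:(\S+)")

def revocation_urls(x509_text):
    """Collect CRL and OCSP URLs only; CPS and CA Issuers URLs are ignored."""
    urls, section = set(), None
    for raw in x509_text.splitlines():
        line = raw.strip()
        if line.startswith("X509v3 CRL Distribution Points"):
            section = "crl"
        elif line.startswith("Authority Information Access"):
            section = "aia"
        elif line.startswith(("X509v3 ", "Signature Algorithm")):
            section = None  # any other extension ends the section
        else:
            m = URI_RE.search(line)
            if m and (section == "crl" or (section == "aia" and line.startswith("OCSP"))):
                urls.add(m.group(1))
    return urls

def whitelist_destinations(x509_text):
    """Return sorted (host, port) pairs guests must reach before authentication."""
    dests = set()
    for url in revocation_urls(x509_text):
        parts = urlsplit(url)
        # ldap:/// CDP entries carry no hostname, so there is nothing to whitelist.
        if parts.scheme in ("http", "https") and parts.hostname:
            dests.add((parts.hostname, parts.port or (443 if parts.scheme == "https" else 80)))
    return sorted(dests)

if __name__ == "__main__":
    for host, port in whitelist_destinations(SAMPLE_TEXT):
        print(f"{host} tcp/{port}")
```

Restricting the list to the exact hosts and ports found in the chain keeps the pre-authentication whitelist as narrow as possible.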