For 802.1x authentication you need an SSL Server certificate on your RADIUS server; and that certificate must be trusted (and configured) by your client.
You should put the certificate on most cases on the RADIUS server, NPS in your case, however the controller can present a certificate to the client as well. This is called 'Termination' in your 802.1x Authentication profile. Your screenshot shows that the controller terminated the RADIUS connection with its built-in certificate. If you did setup your AD with a certificate, you may need to switch off Termination on the 802.1x authentication profile.
If you need to setup NPS, this post: http://community.arubanetworks.com/t5/Community-Tribal-Knowledge-Base/Step-by-Step-How-to-Configure-Microsoft-NPS-2008-Radius-Server/ta-p/80672 may help in setting up NPS correctly.
Herman