The RADIUS certificate is only used in EAP authentication transactions, not for captive portal which typically uses PAP or CHAP for the authentication.
Good catch by Troy on the RADIUS server terminating. Putting the same certificate as you have for HTTPS as your RADIUS certificate may solve that as well, if you don't feel comfortable putting a self-signed cert as your RADIUS cert.