Thanks for the feedback Cappalli, I kinda guess I knew the answer already but I was hoping I was wrong.
We also tried enabling http redirection and this does fix the cert errors for some clients. However most clients are still getting the error, which makes sense of course. From a technical/security perspective, the error is a good thing however in reality it is rather annoying.
It is as you say though, device makers should step up. We are nearing 2017 and there still isn't a global fix for this rather simple problem. If Microsoft for example would make something similar like captive network assist, the problem would be fixed for 95% of the end users.