Hi Dan,
Can you describe, where you see the invalid error message?
Normally, you will always see this message, when you redirect to a captive portal. The reason for this is that the browser is trying to connect to something like "https://www.google.com" and is expecting a certificate from www.google.com. But due to the redirect, it is getting a certificate for e.g. securenetworks.arubanetworks.com. This mismatch creates the invalid certificate message. There is no way to avoid this.
You can only get around this, by not using a HTTPS enabled page for the first place like "http://www.google.com". but this heavily depends on the default settings of your client machines.
Disabling HTTPS on the captive portal page itself will also solve it, but I would never recommend doing so. This will make the credentials visible to anyone within the range of your WLAN.