Dear Shamz,
What you are experiencing is very normal as explained below..
IPhone uses the mini popup browser once it detects a captive portal. This is not a full fledged browser and it automatically closes one the user goes to check the SMS or clicks outside. Usually, we recommend to remove the requirement for auto detecting the captive portal once you want to do SMS verification so a user will need to open the web browser to complete the authentication. You can as well build an advanced logic on ClearPass to temporarily grant access and then do the verification after some time once they receive the SMS. You however will need to grant them temporary access without validation...
As for https issue, it is also normal. If the client device initially requests an https website (example https://www.google.com) then it is expecting the response to come back from Google. If on the controller, we are redirecting https traffic to ClearPass, then ClearPass will reply instead of Google and thus the client browser will notice that the certificate doesn't match the Google certificate and will display a warning for the user. This is the right behavior because we are intercepting the https session. To avoid this issue, you need to disable https interception (don't redirect it to ClearPass in the initial role) so the user will not get a certificate warning. The user will need to open an http website to get redirected to ClearPass Guest Portal.