The CPPM HTTPS Server Certificate is from a public CA, and botht he intermediate and root certs are installed. What controller cert are you referring to? The only cert I'm aware of on the controller is used for the https management interface.
The initial page itself validated just fine in the Apple CNA (and every other browser / device I've tested). We have a checkbox to accept terms, and a submit button. Pressing that submit button generates the error message I previously included.
My understanding was that this form gets posted to "securelogin.arubanetworks.com" by default, per the "Address" field in the CPPM Guest Web Login configuration.