Please see here:
https://support.apple.com/en-in/HT207828
and here:
https://www.thesslstore.com/blog/crypto-ssl-improvements-high-sierra-ios-11/
It won't let you connect to a certificate that is expired, and "
Certificates signed with SHA-1 and/or using private keys under 2048-bits will no longer be trusted on High Sierra, iOS 11, watchOS 4, or tvOS 11."
I am not sure what the default certificates and the private key size is by default for your version of ArubaOS on the internal captive portal, but if it does not satisfy the statement above, that might explain it.