This is not an error, it's a warning that your client doesn't know whether to trust the RADIUS certificate.
In order to make this work without this message, you either need to be in a fully AD connected environment where your Enterprise Root CA has been pushed to the client prior to connecting to the SSID and the client is part of the Active Directory.
The other option is to pre-configure your Windows clients with the Enterprise CA root, RADIUS server (certificate) name, and authentication settings. In an AD environment, you can push these settings and certificates via group policies, for non-AD systems that is where tools like ClearPass Onboard or Mobile/Enterprise Device Management (MDM/EMM) tools come in the scope.
The underlying security issue is that there is no binding between the SSID and the RADIUS server certificate. You can check this old blog post for more background.