Hi, see the attached screenshot of the configuration page for the captive portal profile on the controller.
If you´re using the internal captive portal on the controller you can just keep the default certificate for securelogin.arubanetworks.com and the default redirect will be trusted.
To change the redirect IP-address for each controller you can use this command:
(config) #ip cp-redirect-address <IP-address of redirect destination>
Cheers,