Exactly. This is the number 1 problem with captive portals. They often have self signed certificates and when they have a proper certificate, they “capture” the request for a legitimate website and serve their own page with their own certificate. This leads to problems with your browser, correctly, thinking that someone is trying to tamper with your connection.
Some browsers are so strict that they will not let you circumvent the bad certificate to protect you, while Firefox usually allows you to by clicking the ‘Advanced’ button on the warning page.
That is why I said to check if you can see from what domain the captive portal is serving its registration page, because if you use that domain (e.g. portal.nameofyourlocalmall.com), there is a high chance the certificate will match that domain and the registration page is loaded.
Using the bare domainname (nameofyourlocalmall.com) usually works best, sometimes you need to include subdomains and usually you best leave off all the URL parts after the domainname. But… captive portals are notoriously crappy, so YMMV 
In my experience smartphones and other OSes tend to have some sort of provision baked in that tries to detect the use case of a captive portal and tries to circumvent the bad portals’ shenanigens for you. Thankfully/unfortunately most Linuxes tend to not do that for you.