I wanted to create individual Guest Room access for wifi , room number and password utilising WPA/WPA2 802.1x with radius Server

2860Vac Router with 4 x AP900
2860 Router with 1 x AP900 and 4 x AP700

GhostWorks wrote: I wanted to create individual Guest Room access for wifi , room number and password utilising WPA/WPA2 802.1x with radius Server

2860Vac Router with 4 x AP900
2860 Router with 1 x AP900 and 4 x AP700

Are you using the internal RADIUS server or an external one?
I have a 2860ac and a AP910C and from what I can see the 2860ac (firmware 3.8.2_VT2) does not support certificates for 802.1x authentication. The AP910C does appears to offer EAP-TLS though.
Also, have you ssen this guide on using XCA for creating X509 certificates?
http://www.draytek.com/index.php?option=com_k2&view=item&id=2739&Itemid=293&lang=en

I think Ghostworks is trying to use PEAP (Eg 802.1x using username and password), which the 2860 radius does support. Loading a certificate as explained in that guide aweaton linked might resolve the not trusted cert warning as the default is a self-signed certificate. The most widely trusted cert would be from a recognised certificate authority, but there may be a fee to obtain a certificate. There are some free CAs available as well such as http://www.cacert.org/

Currently using Untangle Server with its own landing page with username and password for internet access but that leaves AP Open ( Draytek AP-700's ).

I'm now replacing the AP-700's with AP-900's , and would like to be able to remove untangle Server and utilize the AP-900 Security to allow Individual Codes per Room.

Main reason why We implement Seperate codes is so can change them with out effecting other guest if other hotels / residents in the area find out the access code and use our wifi instead