if you select 'Use network login' and then say you're using LDAP with TLS then it asks for a CA cert for the LDAP server. the message tells you to copy the cert file into a specific folder. but you can't do that yet! i _think_ the dialog will work if you use a URL for the CA cert file, but the message doesn't suggest that.
If you can't do that on firstboot, you can certainly do that later. There is also a button for the download of the CA cert from URL. The only change I can see is to move/copy the button from the LDAP options dialog to the message box which asks you for the copying.
hmm. why not make it URL only? (if people have the cert locally they could use a file:// URL.) copying a file into a special location sounds a bit 'system' to me! isn't that what this dialog is doing anyway - downloading the file from the URL and copying it to that location for you? then the message can just be a "you must enter the URL of the CA certificate file, for example, http://www.mycompany.com/ca.cert" type of thing. that can pop up if the field is left blank. i think that would work for both the firstboot scenario and the 'regular use' scenario and wouldn't leave users frustrated by confusing instructions on firstboot.
OK, this, or something very similar to your proposal seems reasonable.
Hopefully fixed now.