If your controller does not have a valid SSL certificate you need to change Web Auth redirect URL to be non-https so web users dont get ssl warning.(Cisco Controller) config> network web-auth secureweb disableor you usually may change SSL setting ...