04-09-2025 04:03 AM - edited 04-09-2025 04:04 AM
Hi All,
I cannot access the WLC8510 via web browser, but I can access it via SSH. The error shown in the browser is below.
Please advise.
Error Code : PR_END_OF_FILE_ERROR
WLC 8510
Version : 8.5.135
04-09-2025 04:07 AM
- Check logs (through the CLI) on the controller; if nothing comes up, reboot the controller.
M.
04-09-2025 09:40 AM
Are you using any web-admin cert for GUI access?
Are you seeing this issue across all the browsers?
Can you share the output of following commands -
> show network summary
> show certificate webadmin
> show certificate summary
04-10-2025 07:16 PM
@Saikat Nandy
Thank you for the support. I will check via SSH and update you again.
04-10-2025 09:46 PM
(Cisco Controller) >show network summary
RF-Network Name............................. xxxxxxxx
DNS Server IP............................... 0.0.0.0
Web Mode.................................... Enable
Secure Web Mode............................. Enable
Secure Web Mode Cipher-Option High.......... Disable
Secure Web Mode SSL Protocol................ Disable
Web CSRF check.............................. Enable
OCSP........................................ Disabled
OCSP responder URL..........................
Secure Shell (ssh).......................... Enable
Secure Shell (ssh) Cipher-Option High....... Disable
Telnet...................................... Enable
Ethernet Multicast Forwarding............... Enable
Ethernet Broadcast Forwarding............... Disable
IPv4 AP Multicast/Broadcast Mode............ Multicast Address : 239.0.0.2
IPv6 AP Multicast/Broadcast Mode............ Multicast Address : ::
IGMP snooping............................... Enabled
IGMP timeout................................ 60 seconds
IGMP Query Interval......................... 20 seconds
MLD snooping................................ Enabled
MLD timeout................................. 60 seconds
MLD query interval.......................... 20 seconds
User Idle Timeout........................... 14400 seconds
ARP Idle Timeout............................ 300 seconds
Cisco AP Default Master..................... Disable
AP Join Priority............................ Enabled
Mgmt Via Wireless Interface................. Enable
Mgmt Via Dynamic Interface.................. Disable
Bridge MAC filter Config.................... Enable
Bridge Security Mode........................ EAP
Mesh Full Sector DFS........................ Enable
Mesh Backhaul RRM........................... Disable
AP Fallback ................................ Enable
AP EasyAdmin ............................... Disable
AP Virtual IP .............................. 0.0.0.0
Web Auth CMCC Support ...................... Disabled
Web Auth Redirect Ports .................... 80
Web Auth Proxy Redirect ................... Disable
Web Auth Captive-Bypass .................. Disable
Web Auth Secure Web ....................... Enable
Web Auth Secure Web Cipher Option ......... Disable
Web Auth Secure Web Sslv3 ................. Disable
Web Auth Secure Redirection ............... Enable
Fast SSID Change ........................... Enabled
AP Discovery - NAT IP Only ................. Enabled
IP/MAC Addr Binding Check .................. Enabled
Link Local Bridging Status ................. Disabled
CCX-lite status ............................ Disable
oeap-600 dual-rlan-ports ................... Disable
oeap local-network ......................... Enable
oeap-600 Split Tunneling (Printers)......... Disable
WebPortal Online Client .................... 0
WebPortal NTF_LOGOUT Client ................ 0
mDNS snooping............................... Enabled
mDNS Query Interval......................... 15 minutes
Web Color Theme............................. Red
Capwap Prefer Mode.......................... IPv4
Network Profile............................. High Density Deployment with Data traffic
Client ip conflict detection (DHCP) ........ Disabled
Mesh BH RRM ................................ Disable
Mesh Aggressive DCA......................... Disable
Mesh Auto RF................................ Disable
HTTP Profiling Port......................... 80
HTTP-Proxy Ip Address....................... 0.0.0.0
HTTP-Proxy Port............................. 80
WGB Client Forced L2 Roam................... Disabled
04-11-2025 01:27 AM - edited 04-21-2025 04:35 AM
@jewfcb001 So you're using a certificate which expired in Jan 2022.
That alone will be enough for most modern browsers to not trust the connection. If you use a 3rd party certificate it needs to be trusted by the browser and currently valid! That means you need to replace it every year. (No CA will issue a 3 year certificate anymore - max validity is 1 year + about a month for overlap)
So you need to update/replace that certificate.
ps: Certificate life times are going to be reduced to 47 days over the next few years:
https://www.digicert.com/blog/tls-certificate-lifetimes-will-officially-reduce-to-47-days
04-11-2025 04:04 AM
@Rich R
Can we use a local cert on the WLC? Please give me the CLI command.
04-11-2025 04:31 AM
(WLC) > config certificate generate webadmin
You will still need to get the browser to trust that via an exception (generally works better in Firefox) and you might need to save config and reload the controller for it to take effect.
Note the warning in the config guide:
https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-5/config-guide/b_cg85/administration_of_cisco_wlc.html
Note: We recommend that you use the controller GUI on a browser loaded with webadmin certificate (third-party certificate). We also recommend that you do not use the controller GUI on a browser loaded with self-signed certificate. Some rendering issues have been observed on Google Chrome (73.0.3675.0 or a later version) with self-signed certificates. For more information, see CSCvp80151.
04-11-2025 09:32 AM - edited 04-11-2025 10:16 AM
You have 2 issues here.
1. As @Rich R mentioned, you have used a 3rd party certificate for web admin which expired a long time ago. So you either need to get a new cert or else use the locally generated certificate. If you want to use a local cert, the command has already been shared with you.
2. High ciphers are disabled, which is not going to be liked by most browsers today -
Secure Web Mode Cipher-Option High.......... Disable ============> This should be enabled.
So if you go ahead and use local cert on WLC and enable the ciphers, the output will be similar to this -
(Cisco Controller) >show certificate summary
Web Administration Certificate................... 3rd Party
Web Authentication Certificate................... Locally Generated
Certificate compatibility mode:.................. off
Lifetime Check Ignore for MIC ................... Disable
Lifetime Check Ignore for SSC ................... Disable
(Cisco Controller) >show certificate webadmin
Show Web Admin!
WebAdmin Device Certificate details:
Subject Name :
C=US, O=Cisco Systems Inc., OU=DeviceSSL (WebAdmin), CN=10.105.193.117
Issuer Name :
C=US, O=Cisco Systems Inc., OU=DeviceSSL (WebAdmin), CN=10.105.193.117
Serial Number (Hex):
0DB44F5C
Validity :
Start : Aug 14 00:00:01 2024 GMT
End : Aug 14 00:00:01 2034 GMT
Signature Algorithm :
sha256WithRSAEncryption
Hash key :
SHA1 Fingerprint : ec:ed:06:e4:27:d1:6c:7a:25:6d:64:5c:a7:25:b5:4d:39:00:6d:48
SHA256 Fingerprint : d3:60:93:a0:d3:20:09:36:90:21:4e:e2:87:25:f4:bd:fe:7c:42:c4:ee:e1:4e:de:9d:a5:ac:24:93:e0:56:d0
(Cisco Controller) >show network summary
RF-Network Name............................. Test3504
DNS Server IP............................... 0.0.0.0
Web Mode.................................... Enable
Secure Web Mode............................. Enable
HSTS Mode................................... Disable
Secure Web Mode Cipher-Option High.......... Enable
Secure Web Mode SSL Protocol................ Disable
Generating local cert as well as enabling high ciphers needs a reload of WLC. So you can plan and get these done in a single reload.
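The two checks this answer walks through (high ciphers disabled, web admin certificate past its end date), run over pasted CLI output. This is an added example, not code from any poster in the thread or from Cisco. The sample output is constructed, and the cleartext HTTP and Telnet checks are additions based on the `Web Mode` and `Telnet` lines of `show network summary`.

```python
import re
from datetime import datetime, timezone

# Constructed sample in the format of the outputs posted in this thread.
# Certificate dates are made up for illustration.
SAMPLE = """\
(Cisco Controller) >show network summary
Web Mode.................................... Enable
Secure Web Mode............................. Enable
Secure Web Mode Cipher-Option High.......... Disable
OCSP responder URL..........................
Telnet...................................... Enable
(Cisco Controller) >show certificate webadmin
Validity :
Start : Jan 15 00:00:01 2021 GMT
End : Jan 15 00:00:01 2022 GMT
"""

def parse_settings(text):
    """Turn 'Name....... Value' lines into {name: value}; valueless lines are skipped."""
    rows = re.findall(r"^(.+?)[ \t]*\.{3,}[ \t]*([^.\s].*)$", text, re.M)
    return {name.strip(): value.strip() for name, value in rows}

def cert_end(text):
    """Return the certificate 'End' time as an aware UTC datetime, or None."""
    m = re.search(r"^\s*End\s*:\s*(\w{3}\s+\d+\s+[\d:]{8}\s+\d{4}) GMT", text, re.M)
    if not m:
        return None
    return datetime.strptime(m.group(1), "%b %d %H:%M:%S %Y").replace(tzinfo=timezone.utc)

def audit(text, now=None):
    """List management-plane findings for the pasted CLI output."""
    now = now or datetime.now(timezone.utc)
    s = parse_settings(text)
    findings = []
    if s.get("Secure Web Mode Cipher-Option High") == "Disable":
        findings.append("HTTPS high ciphers disabled")
    if s.get("Web Mode") == "Enable":
        findings.append("cleartext HTTP management enabled")
    if s.get("Telnet") == "Enable":
        findings.append("cleartext Telnet enabled")
    end = cert_end(text)
    if end and end < now:
        findings.append(f"webadmin certificate expired {end:%Y-%m-%d}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```
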
04-11-2025 10:06 AM
Except it will be Web Administration Certificate not Web Authentication Certificate showing as Locally Generated <smile>
04-11-2025 10:13 AM
Thanks Rich for pointing that out. Edited with more info.
04-10-2025 04:43 AM
> Version : 8.5.135
That software is dreadfully out of date (and of course 8510 is end of support).
First update to 8.5.182.12 - the last available release for 8510 - link below.
If you still see the same issue then look at what browser you're using. We are still using Firefox ok with that old code although there are some strange anomalies on the GUI due to the out of date code. You might also need to look at the security settings in the WLC config.
https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-5/config-guide/b_cg85/administration_of_cisco_wlc.html#ID562
Or simply access it using http only (not https) which obviously means the data is not encrypted with TLS but eliminates all those issues so should only be used between trusted devices over a trusted (secure) management network.
And then take this as a warning that you should be updating that end of support equipment because it does not comply with modern security standards.
04-10-2025 07:13 AM
Take a look at this thread which has a solution that you can try:
04-10-2025 07:15 PM
@Scott Fella
Thank you for the support. I tried from the URL but still cannot access the WLC GUI.