Thanks for answer.
I generate CSR on controller, generate certificate with corporative Root sertificate. I upload server's and root certificates and select it in Security > Authentication > L2 Authentication options
CA-Certificate
Server-Certificate
After I install this certificate on PC.
For test I select this certificate for https connction. Google Chrome return error "NET::ERR_CERT_COMMON_NAME_INVALID"
Internet Explorer do not return any errors.
I don't use Radius, I connect controller to LDAP.
I try to disable check certificate in win10, but don't found it. I will search again