1. Generate a CSR for your controller matching its hostname internally
2. Issue a Certificate from your own internal CA that you trust based on that CSR
3. Upload it to the controller
4. Always browse to the controller's GUI using the controller's dns hostname.
5. The error should go away, as a result.