Hi Will! What you're inquiring about is a bit different than what this post was geared to address. You're wanting to know more about an actual RDS deployment vs. ridding yourself of the "annoying" cert warning popup. But that's OK, I can point you in the right direction to start. Begin with this article here: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn781533(v=ws.11)
Keep in mind how RDS works. Hitting the RDWeb server and opening a collection will take you to the gateway to process any conditional policies, then pass it to the broker for directing to the proper session host. SAN entries are used, not the CN of the certificate.
From a security / PKI perspective, wildcard certs aren't generally recommended. You add more risk that way. I'd focus on leveraging a SAN certificate that contains all the FQDNs of the RDS servers. The behavior you're seeing has to do with how RDS roles process the traffic/certs. Technically speaking, your wildcard certificate should be fine as long as the *.acme.com entry is in the SAN field... AND... the internal FQDNs of servers are also acme.com. Choose the option that fits your business needs... what does your security team say? Are they willing to accept the additional risk? If so, make sure the wildcard SAN is correct.
If you continue to have issues in this particular situation, I advise you to open a case with CSS.
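
An added example, not part of the original reply: a PowerShell check of which RDS role FQDNs a certificate's SAN list covers, applying the rule that a wildcard entry stands for exactly one left-most label. The host names and both SAN lists are constructed for illustration (only acme.com comes from the reply above), and `Test-SanCoversName` is a hypothetical helper, not a built-in cmdlet.

```powershell
# Added example. Host names and SAN lists are constructed; Test-SanCoversName is hypothetical.
function Test-SanCoversName {
    param(
        [string[]]$SanEntries,   # dNSName values from the certificate's SAN extension
        [string]$Fqdn            # name the client actually connects to
    )
    $name = $Fqdn.TrimEnd('.').ToLowerInvariant()
    foreach ($entry in $SanEntries) {
        $san = $entry.TrimEnd('.').ToLowerInvariant()
        if ($san -eq $name) { return $true }          # exact SAN match
        if ($san.StartsWith('*.')) {
            $suffix = $san.Substring(1)               # '*.acme.com' -> '.acme.com'
            if ($name.EndsWith($suffix)) {
                $label = $name.Substring(0, $name.Length - $suffix.Length)
                # A wildcard covers one non-empty label: no apex, no nested subdomain.
                if ($label.Length -gt 0 -and -not $label.Contains('.')) { return $true }
            }
        }
    }
    return $false
}

# Constructed names for the RDS roles (web access, gateway, broker, session host) plus the apex.
$rdsNames    = @('rdweb.acme.com', 'rdgw.acme.com', 'rdcb.acme.com',
                 'rdsh01.corp.acme.com', 'acme.com')
$wildcardSan = @('*.acme.com')
$explicitSan = @('rdweb.acme.com', 'rdgw.acme.com', 'rdcb.acme.com', 'rdsh01.corp.acme.com')

$report = foreach ($fqdn in $rdsNames) {
    [pscustomobject]@{
        Fqdn        = $fqdn
        WildcardSan = Test-SanCoversName -SanEntries $wildcardSan -Fqdn $fqdn
        ExplicitSan = Test-SanCoversName -SanEntries $explicitSan -Fqdn $fqdn
    }
}
$report | Format-Table -AutoSize

# Names the wildcard certificate would not cover, which would still raise a warning.
$report | Where-Object { -not $_.WildcardSan } |
    ForEach-Object { Write-Warning "Not covered by wildcard SAN: $($_.Fqdn)" }
```

To check a real deployment, replace the constructed lists with the DNS names from the certificate's Subject Alternative Name extension and the FQDNs your clients use for each RDS role.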