All users are domain users, but most clients are non-domain Windows and Macs, so I have a public 3rd party SAN certificate. It is not a .local domain.
The SAN certificate:
rdsgateway.mydomain.com (gateway and web access server)
rds1.mydomain.com (desktop host)
rds2.mydomain.com (desktop host)
rds3.mydomain.com (desktop host)
I have attached the SAN certificate to all roles in the deployment properties, and they all have a level of Trusted and status OK.
Still, when I open the desktop collection RDP file in RDweb, I am prompted to accept the certificate for rdsbroker.mydomain.com. It is the correct certificate (desktop.mydomain.com) but it does not seem to accept the alternate name rdsbroker.mydomain.com.