When vWorkspace connects external users through its Secure-IT SSL gateway, the only required certificate is the one that is installed on the SSL gateway machine (publicly known). After that, vWorkspace tunnels RDP over SSL through the SSL gateway, and additional SSL encryption is not required. Please reconfigure the RDP-TCP listener on the TS/RDSH to negotiate encryption instead of enforcing SSL/TLS. Please see the following Microsoft article for more information: