Hi,
A wildcard certificate only covers one level of subdomains. For example, a *.contoso.com certificate would cover remote.contoso.com, apps.contoso.com, gateway.contoso.com, etc., but would not cover remote.internal.contoso.com or myapp.internal.contoso.com because those are at a different level.
So what you need to do is have your server FQDN be directly under contoso.com OR get another wildcard certificate for *.internal.contoso.com.
If the above was helpful, please click Accept Answer. If something isn't clear please ask in a comment.
Thanks.
-TP
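
The one-level rule from the answer above, as an added example that is not part of the original answer: a small Python check of which server FQDNs a certificate's names cover, and which wildcard a deeper name would need. The function names are hypothetical, and the matcher assumes whole-label wildcards only (no partial forms such as `f*.contoso.com`).

```python
def _labels(name):
    # DNS names compare case-insensitively; a trailing dot marks an absolute name.
    return name.strip().rstrip(".").lower().split(".")

def san_covers(pattern, hostname):
    """Return True if one certificate name (exact or wildcard) covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    # A wildcard stands in for exactly one label, so the label counts must be equal.
    if len(p) != len(h) or not all(h):
        return False
    # Only the left-most label may be a wildcard, and it must be the whole label.
    if any("*" in label for label in p[1:]):
        return False
    if "*" in p[0]:
        # Conservative choice in this example: refuse "*.com"-style patterns.
        if p[0] != "*" or len(p) < 3:
            return False
        return p[1:] == h[1:]
    return p == h

def coverage(cert_names, hostnames):
    """Map each hostname to the certificate names that cover it (empty = not covered)."""
    return {h: [n for n in cert_names if san_covers(n, h)] for h in hostnames}

def suggest_wildcard(hostname):
    """Wildcard name that would cover hostname: replace its left-most label with '*'."""
    return "*." + ".".join(_labels(hostname)[1:])

if __name__ == "__main__":
    # Constructed input, using the hostnames from the answer above.
    cert_names = ["*.contoso.com"]
    servers = [
        "remote.contoso.com",
        "gateway.contoso.com",
        "remote.internal.contoso.com",
        "myapp.internal.contoso.com",
        "contoso.com",
    ]
    for host, matches in coverage(cert_names, servers).items():
        if matches:
            print(f"{host}: covered by {', '.join(matches)}")
        else:
            print(f"{host}: NOT covered, would need {suggest_wildcard(host)} or an exact name")
```
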