Hey,
By default, RDP will use the self-signed certificate not an internal CA.
Here is a great article about Certificate Warnings:
https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/remote-desktop-connection-rdp-certificate-warnings/ba-p/259301
If you provide access to external users, I would recommend wildcard certificate from a trusted public CA, to avoid any warnings during connections.
More about certificates in RDS, please refer to this article:
https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn781533(v=ws.11)
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Best regards,
Karlie