By default, RDP will use the self-signed certificate not an internal CA.
Here is a great article about Certificate Warnings:
If you provide access to external users, I would recommend wildcard certificate from a trusted public CA, to avoid any warnings during connections.
More about certificates in RDS, please refer to this article:
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.