
RDSFARM: Certificate errors when using .local or similar AD names…and the fix :-)


When setting up RDS farms, you can set your workspace ID to match your FQDN and then buy a certificate that matches it for your broker. Fair enough, but when the broker redirects to your RDS hosts, you will eventually get a certificate error, because the RDS host uses a self-signed .local certificate. So you may then think, let's go and install a real certificate on our RDS host; then you get, for example, that rdsh01.domain.local does not match certificate *.domain.com 🙁

This can easily be solved by implementing a “disjoint namespace”, which in short means you can use your real certificate on the server, even though it's joined to a .local AD 🙂

So:

– Join the server to your AD
– Go into the settings for the domain on the server and change the DNS suffix, so instead of rdsh01.domain.local, write rdsh01.domain.com. After this, it's still domain joined, but you can install a real certificate on the server 🙂

Fully supported by Microsoft; here is an article about it and its pros and cons:

https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/disjoint-namespace

Tested on RDS/WIN 2019 OK 🙂
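To confirm the result on a session host, the following read-only PowerShell check compares the host's primary DNS suffix with its AD domain and tests whether the certificate bound to the RDP listener covers the host's FQDN. It is an added example, not part of the original post; `Test-CertName` is a hypothetical helper, and the script assumes an elevated session on the RDS host.

```powershell
# Added example: read-only check, run elevated on the RDS host.
# Test-CertName is a hypothetical helper, not a built-in cmdlet.
function Test-CertName {
    param([string]$HostName, [string]$Pattern)
    $h = $HostName.ToLower(); $p = $Pattern.ToLower()
    if ($p.StartsWith('*.')) {
        # A wildcard covers exactly one left-most label: *.domain.com
        # matches rdsh01.domain.com, never rdsh01.domain.local.
        $rest = $p.Substring(1)
        if ($h.Length -le $rest.Length -or -not $h.EndsWith($rest)) { return $false }
        return -not $h.Substring(0, $h.Length - $rest.Length).Contains('.')
    }
    return $h -eq $p
}

# Primary DNS suffix currently in effect, and the AD domain the host is joined to.
$suffix   = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters').Domain
$adDomain = (Get-CimInstance Win32_ComputerSystem).Domain
$fqdn     = ('{0}.{1}' -f $env:COMPUTERNAME, $suffix).ToLower()

# Thumbprint of the certificate bound to the RDP listener.
$thumb = (Get-CimInstance -Namespace 'root\cimv2\TerminalServices' `
          -ClassName Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'").SSLCertificateSHA1Hash

# A CA-issued certificate lives in My; the self-signed default in 'Remote Desktop'.
$cert = Get-ChildItem 'Cert:\LocalMachine\My', 'Cert:\LocalMachine\Remote Desktop' |
        Where-Object { $_.Thumbprint -eq $thumb } | Select-Object -First 1

# DnsNameList holds the subject CN and SAN DNS names of the certificate.
$names = @($cert.DnsNameList | ForEach-Object { $_.Unicode })
[pscustomobject]@{
    Fqdn       = $fqdn
    AdDomain   = $adDomain
    Disjoint   = ($suffix -ne $adDomain)
    CertNames  = $names -join ', '
    SelfSigned = ($cert.Subject -eq $cert.Issuer)
    CoversFqdn = [bool]($names | Where-Object { Test-CertName $fqdn $_ })
    NotAfter   = $cert.NotAfter
}
```

On a host configured as described above, with the real certificate bound to the listener, `Disjoint` and `CoversFqdn` should be True and `SelfSigned` False.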
