Look at
https://docs.vmware.com/en/VMware-Horizon-7/7.8/horizon-scenarios-ssl-certificates.pdf
and
https://www.carlstalhood.com/vmware-unified-access-gateway/
it may be possible, but I've never needed to do it. In the uag part I think you just need to get the internal connection server thumbprint and place it in the section carl mentions
https://www.carlstalhood.com/vmware-unified-access-gateway/
I could swear, at least at one point there was a problem with pcoip if you didn't use the same cert on every component. Thant may have changed.