No the cert is a specific one generated for workspace.
In the root CA field in the Workspace wizard i have tried entering the intermediate cert and the root cert, both don't work.
I havent tried changing the DNS to the gateway. originally the config was just pointing at the gateway by its host name. I was thinking about trying that but wasn't sure if it would cause future issues when i then want to move to the load balancer