Just a small post so I can remember this to the next time.
If you want to get rid of the warning when using published applications with Remote App on Windows Server 2012 R2 you will need to configure the following.
On the server hosting your RD stuff, start server manager and find the remote desktop section. Check that the broker publisher has been configured with the correct certificate.
Set the GPO for your users to trust the certificate used for signing the remote apps. Just start gpedit.msc and find the entry displayed below under User Configuration.
To get the thumbprint of the certificate you are using on the Remote Gateway server run the following PS command on the server.
Get-ChildItem -path Cert:\LocalMachine\My
It goes without saying that your clients will also need to trust the root certificate of the one you are using to publish RDWeb with. I’m using my internal PKI, and my clients automatically trust this. If not you will have to import the root certificate into the trusted root store.