I think you'll have to get a Wireshark capture for further analysis.
With Wireshark running on the machine hosting the Ignition Gateway:
- disable the connection that doesn't work
- start the capture
- enable the connection, wait until it's attempted to connect and errored out
- stop the capture
Bonus points if you can do this for the working connection too...
I'm guessing these 2 certificates are not the right ones, because it shouldn't be possible that these work for RSA security policies.
During the discovery wizard, when you initially set up a connection, you usually get presented with a server certificate to trust at the end, so it's possible the server has RSA certificates as well and it was trusted during this step for one server and not the other for some reason.