When the gateway receives the certificate and there is no cached certificate on it, this certificate is saved in the cache. The issue occurs after this point: after login, the Office 365 page redirects to another Microsoft link, and this new connection presents another certificate with the same DN, this time with more alternate names than the saved certificate.
Because the gateway checks only the DN as the search key in the cache, it finds that it already has this certificate in the cache and uses the cached one instead. This causes the gateway to use a certificate containing fewer alternate names than expected.
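
The lookup described above can be modelled in a few lines. This is an added example, not the gateway's code: the `Cert` record, the `example.test` hostnames, the DN string and the fingerprint-keyed alternative are all assumptions made for illustration. It compares a cache keyed on the DN alone with one keyed on a hash of the whole certificate.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject_dn: str   # distinguished name of the subject
    sans: frozenset   # subject alternative names
    der: bytes        # stand-in for the encoded certificate (constructed)

def dn_key(cert):
    # Lookup key as described in the text: the DN only.
    return cert.subject_dn

def fingerprint_key(cert):
    # Assumed alternative: key on a hash of the whole certificate, so two
    # certificates that share a DN but differ in SANs get separate entries.
    return hashlib.sha256(cert.der).hexdigest()

class CertCache:
    def __init__(self, key_fn):
        self._key_fn = key_fn
        self._store = {}

    def get_or_add(self, presented):
        # Return the cached entry for this key; store the presented
        # certificate only when the key is not in the cache yet.
        return self._store.setdefault(self._key_fn(presented), presented)

# Constructed sample data: same DN, second certificate carries one more SAN.
DN = "CN=login.example.test,O=Example"
FIRST = Cert(DN, frozenset({"login.example.test"}), b"constructed-der-1")
SECOND = Cert(DN, frozenset({"login.example.test", "portal.example.test"}),
              b"constructed-der-2")

def missing_sans_after_redirect(key_fn):
    """SANs the server presented that the certificate actually used lacks."""
    cache = CertCache(key_fn)
    cache.get_or_add(FIRST)          # login connection fills the cache
    used = cache.get_or_add(SECOND)  # redirect presents the richer certificate
    return sorted(SECOND.sans - used.sans)

if __name__ == "__main__":
    print("DN-only key:    ", missing_sans_after_redirect(dn_key))
    print("fingerprint key:", missing_sans_after_redirect(fingerprint_key))
```

With the DN-only key the redirected connection is served from the first entry and the extra alternate name is lost; with the fingerprint key nothing is missing.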