Philshep,
I ran into the same issue recently at a customer site. Apparently setting the Config Download Host to Custom is only for Downloading the client and the rest of the communication for the server is done to its own Hostname.
Downloading a QR Code reader/scanner will allow you to see what it is being sent to the phone and therefore how the public server doing the test sees the information.
The only way to get this to work, successfully, securely is to use the Split-DNS method with an external MBG; not the one within the MiCollab. We ended up putting one inside on the network edge instead of the DMZ and it worked as expected.
Just cluster the two MBGs together with your MiCollab as the Master and then setup the MBG Connection Token. Make sure the MiCollab is not in the Default Zone, but in a separate LAN Zone and set both weights to 100. The rest of your programming of the MiCollab MBG will be ported over to the Slave MBG and should work without an issue. Of course you will need to apply your certificate to the new MBG as well.
Sorry,
TE