Hello, @ahollifield  I appreciate your response.

I generated the certificate via ISE and entered the same data as the previous certificate. I presume that if you have a wildcard certificate, do you also need to enter SAN fields?  Nevertheless has SAN this wildcard

I don't get why a wildcar, like *.midominio.com, needs a SAN. If you follow mydomin.com, all entries should be validated.

This is the certificate

ISE SIDE for portal

Mobile this ssl no trust only in mobile

Yes this all seems correct.  The wildcard must also have the wildcard in the SAN field.  Are you sure the spelling of the domain is the same?  Is the mobile device time/date correct? What version of Android?   All other devices trust this certificate?

Hi there @ahollifield
I apologize for the delay just to reply me today response.
iPhone It's ok no problem ; the mistake is in the Android mobiles; he attempts to use Android 12 as an example.
I am watching the firs words is bienvenido.xxxxxx.
May be in this case i woukd have to put a SAM bienvenido.xxxxx .
For solve this problem?

Hhey
iPhone It's ok no problem ; the mistake is in the Android mobiles; he attempts to use Android 12 as an example.

My guess is the Digicert/Thawte root/intermediate CAs are not trusted on that model/version of Android.  Try a different Android client.