Indicates the DirectAccess server or NAT public (if DirectAccess server is deployed behind a NAT) address that clients connect ...

Indicates the DirectAccess server or NAT public (if DirectAccess server is deployed behind a NAT) address that clients connect to. Specified as hostname or IPv4 address.
When the ConnectTo address is changed the SSL certificate is also changed appropriately. Following are the rules associated with assigning a proper certificate
1. Cmdlet looks for an appropriate SSL certificate on the computer. 
2. If an appropriate SSL certificate is not found then a self-signed certificate is created. 
3. In a load balancing scenario if all computers are up and an appropriate SSL certificate is found only on some computers then the cmdlet fails the operation of changing the ConnectTo address. If none of the computers has a proper SSL cert then a self-signed certificate is created on all computers and the ConnectTo change goes through. If one or more computers are down then the certificate is updated only on the other computers. But the DirectAccess server Group Policy object is updated to ensure that when these machines come up load balancing is in stopped state on them due to a certificate mismatch. For the certificate change (and in turn the ConnectTo address change) to take effect the admin needs to install a similar certificate on them and re-run this cmdlet 
4. In a multi-site scenario, the cmdlet doesnt create a self-signed certificate and always expects a proper certificate to be present on the machine itself.
The ConnectTo address is applicable per-machine or per-site (in the case of multisite deployments)