That's great to hear. So everything is now working for you?
But both must point to the master server, either through a load balancer or to the master server(s) directly.
The openshift_master_default_subdomain, as you probably already know, is used as the default host for new routes. So you need a wildcard (*.domain) A record pointing to the node where the load balancer/HA proxy is running. This is typically the 'infra' node. This could be an arbitrary domain name, as long as it points to the 'infra' node in some way, and has nothing to do with the master hostnames, except when you deploy the 'infra' components and 'master' components on the same server(s).
Just as a note, as James already commented, I would suggest using Let's Encrypt certificates, as it reduces the effort to populate your CA everywhere and it's free.