I am fairly new to SSL implementations, so please bear with me. My basic situation is that I have a Windows Mobile 5 device, with push technology/ActiveSync, and I want to enable secure communications with my server. I tried to use self certs, but for whatever reason the WM5 device refused to connect. I then configured the default website/ActiveSync to not use SSL, and everything worked fine, albeit somewhat insecurely. So, I managed to find a cheap SSL CA (godaddy.com) who supplied a cheap cert for me to use. The WM5 already has this cert in the root certs, so no extra config needs to be done there, which is great. I have applied the new cert to the server.
However, when I generated the request, the common name for the cert had to be the external domain name, i.e. mail.mydomain.com, so I am secure from an external point of view. My question is: seeing that my internal SBS server is not called mail.mydomain.com but mailserver.mydomain.local, how do I set my device to be able to sync when connected locally to the network, and sync securely over the internet? Would I need two different certs with differing common names? How would I add two certs to the website? I cannot change SSL settings and ActiveSync settings any time I want to leave the office and vice versa, surely?
I know I may be missing something pretty obvious, so your help would be greatly appreciated.