RD Gateway and not being able to purchase SAN Certificates with internal domain names
I am looking for a solution to get around the problem of not being able to purchase a new Subject alternate name SSL certificate (SAN Certificate) that contain internal (not fully qualified) domain names. EG servername.internal.local
Currently I am using a number of TS Gateway setups (or RDS Gateway for those using the new lingo) and have SAN certificates with the public DNS name then with the internal server names listed for the servers that we are connecting to internally. Now that the CA\Browser forum rules have come into affect CA's are not issuing certificates with internal DNS names.
The last thing I want to consider is changing the internal domain name and I don't want to use self signed certificates as a number of these are accessed by people that I do not control their desktops.
Does anyone have any ideas? Is there a way to change Gateway services to not use the internal server name but an external name using DNS trickery?