Yesterday I created a new certificate for a customer's Exchange 2010 server. So far that was a minor thingy. I usually created a UCC certificate for:
domain.tld
autodiscover.domain.tld
servername
servername.localdomain.local
The last two were for intranet access. Worked fine.
However, I found out that there is a new (?) rule that does not allow me to generate new certificates with "mixed" names (intranet and internet FQDN). See note from GoDaddy below.
Anyway, I now have a certificate that covers the internet FQDN, but I have none that covers the internal intranet names. There are plenty of tutorials, descriptions and bits and pieces one can find everywhere on the internet, which describe how to configure Exchange with a "mixed" certificate. There is no description I could find which would teach me how I should now proceed with only an internet certificate.
Obviously, cmdlets like Test-OutlookWebServices fail in this scenario on the internal VirtualDirectories.
As I am not as good as I'd like to be on Exchange 2010 (SP2, RU5.2 on SMS 2011), I am seeking a description/help to configure that Exchange server in a way that would fix all the issues I now have.
I would assume that I'd need to create a self-signed local certificate with certsrv. But then, I'd need to assign it to different virtual directories in IIS. Now IIS is basically a mystery to me, I have to admit. I just spent the whole day figuring out that there was a wrong binding (http::85) on the default web server after I've upgraded to SP2. Most of you guys would have seen that in minutes...
Back to the certificate issue... Can anyone help?
Thanks a lot
Dan
-----------
GoDaddy Note (apparently, the originator of that change was the "Certificate Authorities Browser Forum")
Please note: After November 1, 2015, Go Daddy will no longer provide SSL certificates without a fully-qualified domain name or IP address, such as 'mail', 'intranet', or 10.0.0.1.
The certificate you requested expires after November 1, 2015. If you requested this certificate without a fully-qualified domain or IP address for the common name, you will not be able to use it after that date. We recommend that you begin using registered domain names as soon as possible.
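As an added example (not part of the original post, and not GoDaddy's own check), the following sketch splits a requested SAN list into names a public CA can still issue for and names that need an internal CA or a rename, following the rule quoted in the note above. The suffix list and the function names are assumptions made for illustration, and the check is purely syntactic: it does not verify that a TLD is actually registered.

```python
import ipaddress

# Assumption: a non-exhaustive list of suffixes that are not publicly
# registrable (".local" is the one used in the post above).
INTERNAL_SUFFIXES = (".local", ".localhost", ".internal", ".lan", ".corp", ".home")


def classify_san(name):
    """Return 'reserved-ip', 'public-ip', 'internal-name' or 'public-fqdn'."""
    host = name.strip().rstrip(".").lower()
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        # Private, loopback and link-local addresses are not globally routable.
        return "public-ip" if ip.is_global else "reserved-ip"
    if host.startswith("*."):
        host = host[2:]  # classify a wildcard entry by its base name
    # Single-label names ('mail', 'servername') and internal suffixes
    # cannot be validated by a public CA.
    if "." not in host or host.endswith(INTERNAL_SUFFIXES):
        return "internal-name"
    return "public-fqdn"


def split_san_list(names):
    """Split a SAN list into (issuable by a public CA, internal-only)."""
    public, internal = [], []
    for n in names:
        (public if classify_san(n).startswith("public") else internal).append(n)
    return public, internal


# Constructed sample: the SAN list from the post, plus the IP from the CA note.
REQUESTED = ["domain.tld", "autodiscover.domain.tld", "servername",
             "servername.localdomain.local", "10.0.0.1"]

if __name__ == "__main__":
    public, internal = split_san_list(REQUESTED)
    print("public CA can issue:", public)
    print("needs internal CA or renaming:", internal)
```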