Ah so your root problem is that Thunderbird thinks your certificate is invalid because it is for a different hostname, yet you have said "The certificate allows, and is functional for both."
So which is it? The certificate works for both host names, or the certificate doesn't work for both host names? As far as I know you would need a wildcard ssl certificate for that to work properly.
Depending on your user base size, you could look into installing
Remember Mismatched Domains, but getting the wildcard ssl cert working would probably work better for you.