Commercial certs with split DNS config

[SPF]

In general, how do people handle this?

My goal here is to eliminate any 'cert name mismatch' woes and other user problems associated with using the self-signed certificate.

So..given a single zimbra server accessed in two ways:
mail.company.com x.x.x.x (valid Internet FQDN and IP address used by external employees and the world)
-and-
mail 192.168.0.x (internal, non-routable address used by internal clients. Resolved via internal private DNS servers)

Can a single commercial certificate ever handle this situation? My guess is that two separate commercial certs will need to be purchased and installed?

Will that cause any problems for Zimbra? Can they be installed via Administration console? Thank you.

[aurfalien]

Hi SPF,

Heres my setup.

External DNS via DynDNS (static DNS, not DHCP).

Internal DNS via BIND server.

External DNS resolves mail.foo.com to WAN IP.

Internal DNS resolves mail.foo.com to LAN IP (non routable addy).

I use 1 cert on my Zimbra server from GoDaddy.

The cert is keyed to hostname, not IP addy so as long as both WAN and LAN clients hit https://mail.foo.com, you are fine.

I'm pretty sure all certs are this way (keyed to host name) and not keyed to IP.