Hello!
the problem is when local domain and external domain are different and SSL certificate has to be got from third part commercial certificate authority.
for example internal domain is: internaldomain.local
external domain is: externaldomain.com
SSL certificate must include internal and external names, but it is not possible in most cases get such certificate from commercial certificate authority , because they can certificate only external domains.
So it is not a problem when a company has its own CA, in this situation SAN certificate can be generated and it works well but what if only the commercial certificate can be used?
what Microsoft recommend to do in such situations?