We are running Exchange 2010 in SBS 2011. We have a Netgear FVS336 router with dual WAN, and two separate ISPs, set up as a rollover in case the faster one fails. We have a self-signed cert that SBS created when we put the server into production.
I have two MX records. One points to mail.domain.com, and the other to backupISP.domain.com. Each of these domians points to the appropriate IP address for the WAN connection. I have also configured the router to route from both ISPs to the server. Email comes in on whichever WAN is active with no problems. Users can access OWA and RWA using either mail.domain.com or backupISP.domain.com, whicher is active. However when they try to connect to their computers on the backup ISP, TS Gateway does not permit because the certificate name does not match the URL for the backup ISP. Can I 1. create a second self-signed cert for the backup ISP without disturbing the first, or 2. modify the current cert, or 3. create a new cert that will include both subdomains?