If you have your own CA that you use, you can enable the feature on the CA to issue SAN attributes on your own certificates. If this applies and you need more help getting that going, just ask a followup and I'll get you squared away.
If you dont' have your CA and aren't ready to at this point, then on the public end look for the same type of thing - many different names like SAN, multi-domain, some just clump it into Unified Communications (UC). My recommendations are Godaddy and Comodo.
Wildcards wouldn't work as the domain name doesn't match.
Internal SSL is a good thing - we use it very heavily here for SOX, HIPAA, etc. compliance.
Either way, if you use your own or a public SAN cert then be aware of a minor caveat: include the subject name for the certificate in the SAN (Subject Alternate Name) list. for example:
You created a certificate signing request (CSR) for the Subject = Spring.ad.quest.com
When you get to the step where it gives you a large text box to enter in the values, include Spring and any other names you want, but also include Spring.ad.quest.com here as well.
Note you can include IP addresses too, if you want ;) Some commercial CA's might not allow that, but with your own you definately can.
