TOPIC: HTTPS Certificates

I have a basic question regarding certificates.

Let's say I purchase a certificate from GoDaddy for mail.domain.com. and I want to use this on my mail server.

Do I need a two certificates? One for mail.domain.com and one for mail.domain.local?

Can I just use one or two wildcard masks?

Which certificate gets installed on the IIS server?

I have an ASA in front of the IIS server, do I need a certificate installed on it?

You can only install one cert per IP (website), I am assuming both addresses would point to the inside? If that is the case I would buy a cert for mail.domain.com and then make an internal DNS alias for mail.domain.com for your internal users to use.

You don't need a cert for your ASA just your IIS Server

Summary
-Buy web cert for *.domain.com - wildcard cert
-setup DNS alias for mail.domain.com on internal DNS server
-no web cert needed for your ASA

Cheers
Rich