We don't run a domain, but we sort of "cheat" and set up static entries on our firewall that point back to our local servers. It's not a full DNS server; it just has a list of entries that it checks before sending the request out to the ISP. If the entry matches, it redirects the traffic back to the designated LAN IP. That way, when users connect to our FMS, they connect to fms.somedomainname.com, which isn't registered anywhere; it's just an entry on our gateway, which is also the DNS forwarder for our LAN users. We have a web domain, but don't run a domain internally.
But I'm not sure if that will work, because I'm not sure if a CA needs to be able to see the address referred to by the domain name in the certificate request in order to generate a certificate, or verify it when a user connects. May be a question for GoDaddy or someone.
Sorry it's kind of a non-answer; as I was typing I kept thinking of more angles and issues.