You purchased a single-name cert when technically you should have purchased a SAN cert. It's still possible to use a single-name cert, (SBS 2011 uses a single name cert with Exchange 2010) but it's more complicated to set up.
At this point you need to use powershell to change the Internal/ExternalURL values for the WebServicesVirtualDirectory and several other virtual directories (although the others can be set in the GUI--you may have already done so). That URLs all need to match your cert, but right now the internal URLs still match your internal server name.
You will also need to change the AutodiscoverURI seen when you do a Get-ClientAccessServer so that that URL matches the cert too.
Lastly, you'll want to create a new forward lookup zone in your internal DNS that matches the name on your cert. So if your domain is monkeybrains.com and your cert is poo.monkeybrains.com, then you will NOT create a new forward lookup zone for MonkeyBrains.com and add an A-record for "poo". Instead you will create a new forward lookup zone for "poo.monkeybrains.com" and then create a blank (or @) A-record that points to the internal IP of your mail server. That will allow the name on your cert to be resolved internally as well as externally without disrupting your users ability to reach other monkeybrains.com websites.