You can get a certificate that uses Subject Alternative Names (SAN certificates) that include more than one hostname as well as the CNAME that references the does the round-robin DNS or that points to the load balanced IP.  That approach is a little more specific than a wildcard certificate option...which is another option.

If you have only internal connections inside of a secure network then you could get away with using a CA server internal to your organization. For example we have a Windows 2008 server with the CA role that can issue these certificates. Below is a good link for creating a certificate template that will work, and another link to a great post covering how to request the certificate from your connection server.

Creating a Microsoft Certificate Authority Template for SSL certificate creation in vSphere 5.x (206...

https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=20209...

If you are allowing external connections with a security server or EUC access point then you will likely want a third party certificate from GeoTrust, GoDaddy, etc.. Here is a great review of how to get one of these setup and secured:

VMware Access Point – Carl Stalhood