Thanks for the reply.
I ended up using an internal CA as you recommended. Since the deployment involved two forests, I also had to do a lot of exporting and importing of internal CA root certificates, but in the end everything worked.
I was just hoping there was a simple way of changing the FQDN of the UM services in order to simplify the deployment, like we do for Outlook Anywhere, etc.
Cheers
Victor Davis