How to publish a CRL for an internal Windows certification authority

Tags: ad-certificate-services, crl, pki

I have an Active Directory domain with an Enterprise Root Certification Authority in it; the domain uses a private domain name ("domain.local"), and we also have a public domain name ("domain.com"). The domain contains the following servers:

  • dc1.domain.local (Domain Controller)
  • dc2.domain.local (Domain Controller)
  • ca.domain.local (Certification Authority)
  • exchange.domain.local (Exchange 2010)
  • fw.domain.local (TMG 2010 firewall)

The firewall has two network interfaces, a private one and a public one, and a bunch of public IP addresses; it's also the default gateway for the internal network. It publishes the Exchange server's web services using the public name "mail.domain.com", and it also acts as an SSTP VPN server, using the public name "vpn.domain.com". All the involved certificates have been issued from the internal CA. This is OK, because all computers which will ever use this domain's services are supposed to trust the internal CA's certificates.

What I need is to publish the internal CA's Certificate Revocation List, because otherwise the Windows SSTP VPN client complains about not being able to check it (I know this can be fixed using a Registry key, but it's difficult to manage globally).
I have issued a certificate containing the two names "ca.domain.local" and "ca.domain.com", I've configured it in the CA's IIS and on the TMG firewall, and I've published the internal CA's web site with the public URL https://ca.domain.com.
But here's the catch: how can I tell the CA to write down in its certificates that its CRL can be found at http://ca.domain.com/SomePath, instead of at http://ca.domain.local/SomePath, which is the default configuration?

And also: since this information is embedded in each issued certificate, if I change it, will I need to re-issue them, so that whoever checks them knows where their CRL can be found?

Best Answer

You will need to modify your CA's CRL locations via the Certification Authority snap-in. Right-click on the CA, select 'Properties', then the Extensions tab. Select the 'CRL Distribution Point' extension and add the needed locations.

Full instructions are located on Technet: http://technet.microsoft.com/en-us/library/ee649168(WS.10).aspx

Unfortunately, the CRL paths are 'wired' to the issued certs, so if you already have certs that have been previously issued, they will need to be reissued. Just create a new certificate template that supersedes the old one and configure your machines to autoenroll.
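The snap-in steps from the answer expressed as the equivalent certutil configuration, plus the checks to run afterwards. This is an added example, not part of the original answer: the host names come from the question, while the http://ca.domain.com/CertEnroll/ path, the default CertEnroll directory and the file names are assumptions.

```powershell
# Added example (not from the original answer). Run elevated on ca.domain.local.
# Assumes the CRL is served from the default CertEnroll directory of the CA's IIS
# site and that http://ca.domain.com/CertEnroll/ is reachable through the TMG
# publishing rule (the question only mentions https://ca.domain.com; HTTP is the
# conventional choice for a CDP, because fetching a CRL over HTTPS would itself
# require a revocation check of the web server's certificate).

# 1. Record the current CDP configuration before changing anything.
certutil -getreg CA\CRLPublicationURLs

# 2. Replace the CDP list. Entries are separated by a literal "\n"; the leading
#    number is the bitmask behind the checkboxes in the Extensions tab:
#      1   publish CRLs to this location (file system or LDAP)
#      2   include in the CDP extension of issued certificates
#      4   include in CRLs (lets clients locate delta CRLs)
#     64   publish delta CRLs to this location
#    Tokens: %3 = CA name, %8 = CRL name suffix, %9 = delta CRL suffix.
#    The HTTP entry carries flag 2, so certificates issued from now on point
#    clients at the public name instead of the default ca.domain.local URL.
#    (CA\CACertPublicationURLs takes the same format for the AIA extension.)
$cdp = '1:%WINDIR%\system32\CertSrv\CertEnroll\%3%8%9.crl' +
       '\n2:http://ca.domain.com/CertEnroll/%3%8%9.crl'
certutil -setreg CA\CRLPublicationURLs $cdp

# 3. The CA reads the extension settings at start-up; then publish a fresh CRL so
#    the CertEnroll directory (and thus the published web site) has a current file.
Restart-Service certsvc
certutil -crl

# 4. Check that the CRL is downloadable anonymously at the public URL and is not
#    stale. <CAName> is a placeholder for the CA's common name.
$crl = Join-Path $env:TEMP 'public.crl'
Invoke-WebRequest -Uri 'http://ca.domain.com/CertEnroll/<CAName>.crl' -UseBasicParsing -OutFile $crl
certutil -dump $crl | Select-String 'Next Update'

# 5. Export a certificate issued after the change (placeholder path) and confirm
#    that its CDP now lists the public URL and that revocation status resolves.
#    Certificates issued before the change keep the old .local URL, which is why
#    the answer says they must be reissued.
certutil -verify -urlfetch C:\temp\newcert.cer | Select-String 'CDP|Revocation|Verified'
```

The same `-urlfetch` check run from a machine outside the network (for example an SSTP client) is the quickest way to confirm that the VPN server's certificate chain is now fully checkable.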