To get a remote configuration certificate issued by one of the certificate authorities you need to prove ownership of the domain you intend to have the certificate issued against. If you do not own "example.com" CA vendors will not issue you a certificate. You can pre-plant a custom hash into your systems that matches an internally generated provisioning certificate, this requires touching the systems with a USB flash drive to plant your customer cert hash into the FW.
MSFT information regarding certificates and SCCM: http://technet.microsoft.com/en-us/library/dd252737.aspx
SCCM quick start guide, see section 4 of the SP2 guide: http://communities.intel.com/docs/DOC-5973
You may actually be able to request and use .local for your provisioning certificate. I just recently went through the process and purchased a provisioning cert for a non-registerable domain from GoDaddy. I just created the CSR using a similar .local domain at it is working perfectly.