Hello all, I am building out a MOSS 2007 extranet farm and have some questions on which type of certificates to use on each web applications, specifically those issued by Verisign or issued internally. I know I need a Verisign like certificate issued for any web application I publish externally but what about those that host My Sites, SSP, and Central Admin. Any feedback or good post about this would be great, thanks in advance. Lance

I think does not make sense to use SSL for internal sites. I am using Verisign sertificate just to sign InfoPath Forms.Oleg

Hi,i'm using certificate for web application which published externally, but you don't need using it for internally (SSP,CA,MySite).Best Regrads, Ahmed Madany

Thanks all, I just wanted to make sure that call's to get profile type information would't result in a failure since the certificate would only be trusted within the DMZ.

What certificate to use for MySite, SSP Admin and Central Administration web applications depends on from where you are going to visit these sites. If you want to publish them to internet, you can use the Verisign certificate for them too. If you publish these web application to internet via ISA server and use SSL termination. You don’t need to install certificate on the SharePoint web application, instead, you install the certificate on ISA server. For detailed steps, please refer to the .docx attachment in http://blogs.technet.com/paulpaa/archive/2009/09/23/steps-to-publish-sharepoint-sites-created-in-host-header-mode-hh-mode-with-isa-server-2006.aspx . And for more about SSL termination, please refer to http://blogs.msdn.com/sharepoint/archive/2007/03/06/what-every-sharepoint-administrator-needs-to-know-about-alternate-access-mappings-part-1.aspx . SharePoint WFE will communicate with Application Server with the Office Server Web Services web application. You can install internal certificate for it if you enabled SSL for SSP. According to http://technet.microsoft.com/en-us/library/cc262649.aspx, if you choose to enable SSL for Web services, you must add the certificate on each server in the farm by using the IIS administration tool. Until this is done, the Web services will not be available. If you want to use SharePoint portal site and sites such as MySite, SSP Admin and Central Administration both from extranet and intranet, you can extend the web applications to different zones and install different certificates for different IIS sites. BTW, you also have the option of using certificates with multiple subject alternative names : http://blogs.technet.com/blairb/archive/2008/01/11/how-to-use-ssl-certificates-with-multiple-subject-alternative-names-in-moss.aspx . Gu Yuming TechNet Subscriber Support in forum If you have any feedback on our support, please contact tngfb@microsoft.com

Just to mention something, there are many requirements, security requirements imposed by government agencys or other compliance regulations that stipulate that all websites internal or external require the use of SSL. So to say that "something does not make sense" is a little out there. Please find out the rest of the story!