I have been going back and forth a few times on enabling SSL on MOSS 2007 Web applications and here is the way that I have found to work best.
1. Go to central admin --> Create or extend a new web application --> Create a new web application.
2. Fill in the Web app, DB and App pool names as usual. Select yes to enable SSL on the web application. If you are using host headers for this web app, then enter those too. (Important: Make sure to set the port to 443, not 80).
3. After the web application has been created, reset IIS and then open up IIS mmc. Scroll to the IIS website that MOSS just created for you and select the right SSL certificate from the available certificates (Ask your network folks to generate an internal or external SSL cert for you depending on whether this is a test or prod server). Important: Go to the Home Directory tab and click Advanced. Make sure you set the host header and the right IP for port 80. For SSL entries, select port 443 and the IP. (If you have multiple IP's on the server, I usually pick one here for these entries). Click on the edit button for SSL entries and check the 'Require SSL' box. Also check 'Require 128 bit encryption' to make this more secure.
4. Now go ahead and create your first site collection for this web app. MOSS will automatically create a new site collection for you and present you with a "https://.." link upon completion. You should now have a SSL ready web app.
5. By default, if you want multiple web apps using SSL on the same server - this does not work in IIS 6. If you want multiple MOSS 2007 Web apps to be SSL enabled, there are two ways of going about this. One way is to get as many IPs as you want SSL web apps for that web server and assign one IP per host header settings for port 80 and 443 under IIS Website properties --> Home Directory --> Advanced. The other option is to modify the IIS metabase to allow multiple SSL web apps on the same IP. Be careful with the second option and make sure you know what you are doing.
That’s it! We appreciate your feedback! Please share your thoughts by sending an email to firstname.lastname@example.org.