Pretty much, yeah. :) We put "real" certs on
public-facing sites, but
just haven't bothered with what is essentially our tech department
intranet. (But since we're crazy people it's open if you want
to look at
it!)
Wouldn't it be safer, and more convenient, to have internal sites use an
internally created CA instead of self-signed certificates? At least then users
would simply have to trust the CA once and not get the warning on other, or
future, internal sites.
V/r,
Ryan Lane