You can have it any way you want to, based on your DNS setup. We had to do so many things to get this up and running, that it was a little ridiculous. One thing we did was buy a public cert. The other thing we did was make sure that RPC over HTTPS was working as they both use almost all the same things to work. Here's a link that we followed
http://www.petri.co.il/configure_rpc_over_https_on_a_single_server.htmOn that website I downloaded that RPCNoFrontEnd tools to make sure I had all the right ports opened and pointing to the right location. We actually had one that was not configured correctly. Once we did all that, and then changed the IIS security which I posted earlier it worked.