You only need a server certificate for having users authenticate securely
with forms authentication over a SSL encrypted connection. In this scenario
the users are authenticated using their username and password, submitted to
the server over SSL.
Client certificates is not used for securing the connection between client
and server, but only to authenticate users. In this kind of scenario the
users does not submit their username/password for authentication, but
instead uses their client certificate to authenticate.
"Kevin" <anonymousdiscussions.microsoft.com> wrote in message
news:0f7f01c3be60$fe7193e0$a301280aphx.gbl...> Are client certificates necessary for SSL or just server
> The Microsoft help for setting up SSL takes you through
> creating a server root certificate and another server
> certificate and then installing each on all of the
> clients. But other doentation that I have read
> suggests that SSL only needs server certificates and that
> client certificates are only needed for certificate
> authentication. I want to use forms authentication and
> don't won't to force our customers to deploy client
> certificates if they don't have too.