I am working with vendor who offers SOAP based web services that I'm trying to use for my company. The web services app/client that I'm builiding will reside on an IIS box, on our company network. The web services require a cert for mutual SSL and another for TLS. The vendor is requesting that I purchase the two certs for this and send the certs to them for installation. I not familiar with how this all works and would like to better understand before I continue down the path of obtaining certs, configuring, etc.
Specifically, I'd like to know if someone can assist in answering the following for me:
1) Are these special certs that I need to purchase?
2) What does the vendor do with the provided certs and what information should I expect to receive from them to ensure a secure handshake?
3) Is the "mutual cert" something that I need to configure (e.g., install on the web server, convert to a file, etc.)
I want to make sure I'm heading down the right path by understand all that needs to happen to form a secure connection with the vendor and what is being requested by them.
Any insight you can offer up would be greatly appreciated!
Software/Hardware used: SOAP Web Services, HTTPS, ASP.NET, Win 03/IIS 6