When you use HTTPS for web services, we are usually concerned about three things when establishing a secure connection:
1) server authentication 2) client authentication 3) encryption of the SSL connection.
For server authentication, you will anyway have a certificate generated for its authentication, and it can be shared with clients.
For client authentication, most of the time certificates are not required. It's an optional thing. Usually client authentication may not be required for web services, except in some critical cases where the server wants to exchange some financial documents with the client and you need to validate.
In your case, if you think the client also needs authentication, you will have to generate certificates for the clients and store them on the server.
HTH
Rizwan
SCJA, SCJP, SCWCD, SCBCD, SCDJWS.
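
The three points in the reply above, shown as an added Java example that is not part of the original post: the server presents its own certificate, trusts a store of client certificates, and requires one during the handshake. The two store files, the `STORE_PASSWORD` variable name, the shared password and port 8443 are assumptions made for illustration.

```java
import javax.net.ssl.*;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;

public class MutualTlsServer {
    // Load a PKCS12 store from disk; path and password are supplied by the caller.
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // identity: the server's own key and certificate (server authentication).
    // trustedClients: the client certificates, or their issuing CA, stored on the server.
    static SSLContext buildContext(KeyStore identity, char[] keyPassword,
                                   KeyStore trustedClients) throws Exception {
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, keyPassword);
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustedClients);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        String pwEnv = System.getenv("STORE_PASSWORD"); // hypothetical variable name
        if (args.length != 2 || pwEnv == null) {
            System.err.println("usage: STORE_PASSWORD=... java MutualTlsServer <server.p12> <clients.p12>");
            return;
        }
        char[] pw = pwEnv.toCharArray(); // assumption: both stores share one password
        SSLContext ctx = buildContext(load(args[0], pw), pw, load(args[1], pw));
        try (SSLServerSocket server =
                     (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(8443)) {
            server.setNeedClientAuth(true); // without this call, client certificates are not requested
            try (SSLSocket client = (SSLSocket) server.accept()) {
                client.startHandshake(); // throws if the client presents no trusted certificate
                System.out.println("Authenticated client: " + client.getSession().getPeerPrincipal());
            } catch (SSLException e) {
                System.err.println("Client rejected: " + e.getMessage());
            }
        }
    }
}
```

Replacing `setNeedClientAuth(true)` with `setWantClientAuth(true)` makes the client certificate optional: the handshake then succeeds without one, and `getPeerPrincipal()` throws `SSLPeerUnverifiedException` for unauthenticated clients.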