posted 18 years ago
In the typical case for browsers, HTTPS servers are expecting "anonymous" communication. In this case, the client doesn't have its own keypair. HTTPS defines a protocol for the two sides to communicate using a session-level keypair for the client, created on the fly as part of the communication handshake.
Only if the server is expecting "client authentication" does the client-side need to have its own keypair generated and certificate stored in the client keystore. This is something of a pain to set up; I haven't had to do it in a long time, and don't have the procedures for IE handy, but you can certainly find it out with a little Googling.
At a high level, though, the browser's certificate store is a list of who the client trusts, and the keystore is who the client is. If the server doesn't care who you are, you don't need the latter.
Does that help?
Grant
In Theory, there is no difference between theory and practice.
In Practice, there is no relationship between theory and practice.
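The trust-store/keystore split described in the post above, as an added example that is not part of the original post. It assumes a Java (JSSE) client; the class name `ClientTlsContext` and the `CLIENT_P12_PASSWORD` environment variable are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

public class ClientTlsContext {

    // Load a PKCS#12 store from disk; path and password come from the caller.
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // trustStore: who the client trusts (null = the JDK's default CA list).
    // keyStore:   who the client is (null = no client certificate is offered).
    static SSLContext build(KeyStore trustStore, KeyStore keyStore, char[] keyPassword)
            throws Exception {
        TrustManager[] trust = null;
        if (trustStore != null) {
            TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(trustStore);
            trust = tmf.getTrustManagers();
        }
        KeyManager[] identity = null;
        if (keyStore != null) {
            KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(keyStore, keyPassword);
            identity = kmf.getKeyManagers();
        }
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(identity, trust, null); // null SecureRandom = platform default
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Usage: java ClientTlsContext [client.p12]; password read from the
        // hypothetical CLIENT_P12_PASSWORD variable. No argument = anonymous client.
        String pw = System.getenv("CLIENT_P12_PASSWORD");
        char[] pass = pw == null ? new char[0] : pw.toCharArray();
        KeyStore id = args.length == 1 ? load(args[0], pass) : null;
        SSLContext ctx = build(null, id, pass);
        System.out.println("protocol=" + ctx.getProtocol()
            + ", client identity=" + (id == null ? "none" : args[0]));
    }
}
```

Run with no arguments, it builds the anonymous case: server certificates are still validated against the trust list, but the client has no certificate to present if the server asks for one.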