This post discusses first the most important aspects to consider regarding security, and then, how these aspects are implemented with web services.
What certificate to use or where to get one of these, is perhaps is one the most common question I read often in the MS newsgroups.
Well, for starters, there are many kinds of X509 certificates around, each one for a different purpose. And to make the matters worse, each vendor offers similar certificates with different names.
Verisign, RSA, Thawte and others usually offer certificates for the following purposes: