I want is to use certs as an authentication system. If the client doesnt have a cert issued by the CA they dont get in. I understan the IIS configuration (i think), but how do they get the certs from the ca without having to request one (ie. without going through the /certsrv process)? Can I create a cert and send it to them?? I dont want to rely on a public ca system like Verisign. CAN IT BE DONE???