WCF and Client Certificates

[RockLobster]

I've been reading this article about client certs and WCF - http://notgartner.wordpress.com/200...on-with-windows-communication-foundation-wcf/

I understand this article but I'm not sure about this bit: -

Truth be told, this isn’t exactly how it would work in a fully fledged production scenario.

What would actually happen is that the server and client would validate each others identity by following a chain of trust associated with each certificate to a root certification authority which they both trusted (although it might be a different CA for each certificate as Windows can trust multiple). Over the Internet this might be a public one like VeriSign, or it could be a root CA inside the enterprise

We have a root CA inside the enterprise. Does this mean for a client to call a WCF service hosted on a server the client needs to install a trusted root authority?

 

[RockLobster]

Thanks for the reply. So let me get this clear, if a client wants to consume the wcf service they need to be given a certificate from the CA root authority which needs to be installed on the client. And the fact this cert has been issued by the CA this is trusted by the server? Also the root ca needs to be added to the trust stores?