Well, for us that is not an option as the client certificate authentication is handled by a firewall, not the Exchange 2007 server. No external connections allowed to internal systems without a client cert...