We could not find a document or knowledge base article as to where a CRM 4.0 Customer had installed and was using client side certificates with the REQUIRED flag checked.
It turns out that while you can setup IIS to accept client side certificates selecting the REQUIRED option will break CRM functionality:
- Configuring the Outlook Client
- Load Data function in the Email Router Configuration Wizard
- Async Service Processing System Jobs
- Registering Plugs.
This has been confirmed by Microsoft Support as is not specific to CRM but rather to applications dependent on calling webservices. The only option is to not set the REQUIRED flag, which defeats the purpose of required certificates.