(A short summary on certificates)
- Some client certificates are generated by an "external" CA -- the same guys that generate server certs. These can be used to show that you are probably who you say you are. The more you pay the CA, the more the server is supposed to believe you (in general). For example, some CA might only issue you a cert after seeing your passport, another might require a fingerprint, another might do a background check. Thawte has (had?) a scheme for strengthening their free user certs using "notaries". In my experience these certs are used by servers as follows: client gets cert, client has cert validated (or "approved", "tied to the actual user in the mind of the server" is probably more accurate) by the site running the server, and the cert is then used as auth to the server.
- Cert issued by the site with the server. In this case the site hosting the server issues the cert. This can happen, say, when a company gives employees certs, or, when you buy access to a site, you might be issued a cert. I have used it to authenticate which computers can perform administration on a server, for instance.
- Cert issued by a user. These are problematic as the issuing software is generally signed by itself ("self-signed"). This can cause a problem: who really runs the CA software? If the CA has a certificate signing certificate (generated by a "known" CA such as Verisign or Thawte), then the issuer of the signing certificate has verified the identity of the issuer (in theory).
Anyway, to make a long story short, you probably should stop beating your head against a wall and ask the owner of the site what is necessary.
--traveler
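Added example (not from traveler's post, and not any particular site's setup): the second case above, a site running its own CA, done with plain openssl commands, plus the "approved / tied to the user" step from the first case. The server does two checks on a presented client cert: does it chain to the site CA, and is that exact cert (by SHA-256 fingerprint) on the list of certs the site has tied to an account. A user-made self-signed cert fails the first check; a cert the site CA did issue but never approved for an account fails the second. The names (alice, bob, "Example Site CA") and the tiny openssl.cnf are made up for the demo; the only dependency is an openssl binary (1.1.1 or 3.x).

```shell
#!/bin/sh
# Demo of a site-run CA issuing client certs, and a server-side check that
# needs BOTH a valid chain AND an approved fingerprint. Example code, not
# from the original post; names and config are constructed for the demo.
set -e

# Generate a key + request (or a self-signed cert with -x509) for one CN.
# $1 = key file, $2 = output file, $3 = CN, remaining args passed to openssl req.
new_req() {
  key=$1; out=$2; cn=$3; shift 3
  openssl req -new -newkey rsa:2048 -nodes -keyout "$key" -out "$out" \
    -subj "/CN=$cn" -config "$DEMO_DIR/openssl.cnf" "$@" 2>/dev/null
}

# SHA-256 fingerprint of a cert, just the hex part.
cert_fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Build the site CA, two site-issued client certs (alice, bob), one user
# self-signed cert, and an approved list that contains only alice's cert.
setup_demo_pki() {
  DEMO_DIR=$(mktemp -d)
  trap 'rm -rf "$DEMO_DIR"' EXIT
  # Minimal config so the demo does not depend on the system openssl.cnf.
  cat > "$DEMO_DIR/openssl.cnf" <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[ v3_client ]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature
extendedKeyUsage = clientAuth
[ v3_self ]
basicConstraints = CA:FALSE
extendedKeyUsage = clientAuth
EOF
  # The site's own CA: the one root the server will trust for client auth.
  new_req "$DEMO_DIR/ca.key" "$DEMO_DIR/ca.crt" "Example Site CA" -x509 -days 365
  # Site-issued client certs: CSR from the user, signed by the site CA.
  for user in alice bob; do
    new_req "$DEMO_DIR/$user.key" "$DEMO_DIR/$user.csr" "$user"
    openssl x509 -req -in "$DEMO_DIR/$user.csr" \
      -CA "$DEMO_DIR/ca.crt" -CAkey "$DEMO_DIR/ca.key" -CAcreateserial \
      -days 90 -sha256 -extfile "$DEMO_DIR/openssl.cnf" -extensions v3_client \
      -out "$DEMO_DIR/$user.crt" 2>/dev/null
  done
  # A cert the user signed themselves, with the same CN as alice.
  new_req "$DEMO_DIR/self.key" "$DEMO_DIR/self.crt" alice -x509 -days 90 -extensions v3_self
  # The site "approves" alice's cert by recording its fingerprint against her account.
  cert_fingerprint "$DEMO_DIR/alice.crt" > "$DEMO_DIR/approved.txt"
}

# The server's decision for a presented client cert ($1):
#   bad-chain     not issued by the site CA (e.g. self-signed)
#   not-approved  chains fine, but never tied to an account
#   accepted      chains fine and is on the approved list
check_client_cert() {
  if ! openssl verify -CAfile "$DEMO_DIR/ca.crt" -purpose sslclient "$1" >/dev/null 2>&1; then
    echo bad-chain
  elif ! grep -qxF "$(cert_fingerprint "$1")" "$DEMO_DIR/approved.txt"; then
    echo not-approved
  else
    echo accepted
  fi
}

setup_demo_pki
for c in alice bob self; do
  echo "$c.crt -> $(check_client_cert "$DEMO_DIR/$c.crt")"
done
```

The point of the second check is the "approved" step from the first case: a cert that chains to a CA the server trusts only proves which CA signed it, not which account it belongs to, so the site still has to tie that specific cert (here by fingerprint) to a user before it counts as auth. Matching on the CN alone would not do, since the self-signed cert carries the same CN as alice's real one.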