I am trying to understand the process for securing a webservice. I have set up an https iis web service and require client certificates. Now, as I understand it when I make the web service request I attach my client certificate and the web browser encrypts the request using the web servers public key (which I assume the web server decrypts using it's private key). My question is...

Does the web server automatically encrypt the response...