...
Three key usage types of Standard Assurance Client Certificates are available to subscribers:
...
The key usage type of a particular Standard Assurance Client Certificate is specified in the critical X509v3 Key Usage certificate extension (Digital Signature, Key Encipherment, or both). Other than that, all Standard Assurance Client Certificates are structurally identical.
The various key usage types permit different approaches to key escrow, which typically applies to encryption keys, but not signing keys. In addition to signing and/or encryption, any Standard Assurance Client Certificate may be used for SSL/TLS client authentication, regardless of the key usage type. Be aware, however, that we expect dual-use client certificates to work with the widest variety of software implementations. In any event, organizations are strongly encouraged to test the compatibility of Standard Assurance Client Certificates, especially signing-only and encryption-only client certificates, with relevant devices and software prior to deployment.
...