Here's what I did to configure both htaccess and an ssl cert now this is for vqadmin for qmail and the names have been changed to protect the guilty. In IIS you require a client cert and map it to a user. Then you can use user rights to allow/restrict access.
[CODE]<VirtualHost 192.168.1.100:443>
SSLEngine on
SSLCACertificateFile /usr/local/apache/conf/CA.crt
SSLCertificateFile /usr/local/apache/conf/server.crt
SSLCertificateKeyFile /usr/local/apache/conf/server.key
SSLOptions +FakeBasicAuth +StdEnvVars
ServerAdmin
admin@domain.com
DocumentRoot /usr/local/apache/cgi-bin/vqadmin
ServerName server.domain.com
CustomLog logs/vqadmin combined
<Directory "/usr/local/apache/cgi-bin/vqadmin">
deny from all
Options ExecCGI
#AllowOverride AuthConfig
AllowOverride All
Order deny,allow
</Directory>
</VirtualHost>[/CODE]