Here's what I did to configure both htaccess and an ssl cert now this is for vqadmin for qmail and the names have been changed to protect the guilty. In IIS you require a client cert and map it to a user. Then you can use user rights to allow/restrict access.
SSLOptions +FakeBasicAuth +StdEnvVars
CustomLog logs/vqadmin combined
deny from all