It should be possible to use a host certificate and key issued by Certificate Authority. The client should verify whether the issuer of the certificate is a trusted certificate authority, whether the certificate has expired and whether the certificate has been revoked.
