The service proxy based secure server configuration is not the default way of running the service, because it breaks non-GSI based client (for example web browsers) of setting up an SSL connection.
It is intended for mutual authorization: the service can set up its credentials, that it can include authorization information (e.g. VOMS credentials) for the clients.
Once a client contacts such a service, it can decided to trust it or not, based on a larger set of information.