That is a very good question!
Since the last weekend i was asking myself the same
It would be wonderful if someone could explain that to us.
For SSL/TLS encryption it is not necessary to import client certificates. Even your clients don't need to import the server certificate. The connection is encrypted, nobody else than client and server can read it.
BUT: Without importing certificates you can't be sure who is the one on the other end. You can only ensure that a server is the server you think, if you have imported its certificate. Some goes for clients: You can only ensure the client is the right client, if the server has imported the client certificate.
Normally you have certificate that is signed by an top-level certificate. Because top-level certificates are shipped with the clients, nobody needs to import anything.
Now we come to real encryption:
If you want to be sure nobody else reads your messages SSL/TLS is not sufficient, because the server still can read or modify the message. You need End-to-End encryption. Most popular for Jabber are OpenPGP and OTR.
You will find an detailed article about encryption (SSL/TLS, OpenPGP) in German language here: