API Calls made from browsers using HTTPS can be requested to choose a certificate to authenticate itself with even through the resource/policy itself does not use mutual SSL Authentication. This can be confusing for some end users unsure why a certificate choice is requested and which one should be selected.
During SSL Handshake, prior to policy being resolved, the client can be requested for a certificate. If the client is a browser and it's keystore contains more than one certificate then a dialog will be displayed asking user to choose which certificate is applicable.
HTTPS API calls made from a browser.
In Policy Manager, examine 'Tasks -> Manage listen ports', select SSL port in question and navigate to 'SSL/TLS Settings' Tab. If Client Authentication is set to optional or required then during SSL handshake a certificate will be requested, which might result in a dialog being displayed. To stop the request set Client Authentication to none.
If polices require certificate based client authentication then setting value to none will cause them to fail, consider running mutual authentication policies on a separate port.