Hello,
The only SSL certificates which should be required for access through the API are the Constant Contact certificates since our domain is the only domain which has requests being made against it. Since the requests are going to us, and not from us, you should be ok with shared SSL certificates on your end. The only time there would be any question on this front would be if there is ever a time where Constant Contact has to send a request back to your server (such as if you are using OAuth authentication with a callback URL). In that scenario, as long as the SSL certificates are publicly registered and associated with the domain for the callback URL, you should still be all set.
If you have any questions please let us know.
Regards