So using certificates is an all-or-nothing approach. If you change to use certificates, all services are authorized to communicate using certificates. In more detail, the certificates are not bound to a service but to a machine. So in the scenario where you run more than one service on a machine, they will use this server's certificate to authorize the communication.
So it is possible to run all services on one machine and still use certificates, but from a security perspective there is no benefit in doing it.
So in a scenario where you have two machines and choose certificates, these are used to make sure that the services that try to connect are authorized to do so, regardless of whether they are running on the same machine or another host.
But remember that the QVAdministrators group is still used to authorize people on the server running the QMS to get access to the QMC.
I hope this answers your question.