If the client hasn’t met the server before, so he doesn’t know what public key to expect, one must use a third party intermediary to validate the identities involved. In P2P scenarios, you have what are called “key signing parties“, where people exchange public keys through meeting face-to-face.

If the people already know eachother, then, even through an insecure channel, you can use algorithms like Diffie-Hellman to exchange your identities, which you can validate against the information you already had about the identity of that person.

In a common HTTPS scenario, the client may not already know the server, but the server presents a certificate, validated by a mutually-trusted third party, that acknowledges his identity. For instance, Paypal might present you with a certificate that says “VeriSign agrees I am who I say I am.”, and if you trust VeriSign, this “web of trust” as it’s called means you’ll trust Paypal are who they says they are.

In your client-server scenario, the server needs both its private and public key – the public key is used for encrypting the messages going back to the client, and the private key is used to decrypt the messages the client is sending to him.

The server doesn’t usually know who the user is (cryptographically speaking), the client may make a new certificate and public/private keypair for each request it sends. A way to change this is detailed in this IBM article. What ends up happening in usual HTTPS scenarios is a mixture of private and public key encryptions; you can read more about that in this related SO post.

Good luck!