Presuming that the certificate is from a trusted certificate authority, once you enable force encryption, every client connecting will be encrypted.
Keep in mind, the force encryption setting does exactly that, applications will NOT be able to connect to that instance without using encryption. As for changing them, you may not need to do anything, it'll depend on the application.
But you are correct, you will want to test this, ideally in a QA / test type environment first, as some applications might need changes to their connection strings. We're required to use force encryption and when we first enabled it, the applications using ColdFusion needed a change to their connection strings before they'd connect.
In general, .NET type applications will happily switch to encrypted (ex, SSMS you won't need to do anything.)