Back in September, I set up web authentication via signed certificates [1] but it was primarily a manual process. After creating the certificate authority (and installing the certificate authority into my browser so it wouldn't complain), I then generated a certificate request (on the command line), signed the request (on the command line) and installed the freshly signed certificate into my browser, so I could use that certificate to authenticate myself to my webserver.
If that makes any sense.
Anyway, it is possible to have this handled automagically between the browser and webserver [5], but sadly, there isn't much information out there about doing so. I only found three pages with any real information; two cover the same material, and one just covers part of the openssl command required to work with this stuff.
And of course, it doesn't work with IE (Internet Explorer) (thank you so much, Microsoft [6]).
[2] http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20080714/07ea5534/attachment.txt
[3] http://old.pseudonym.org/ssl/ssl_nsclient_certs.html
[4] http://www.openssl.org/docs/apps/spkac.html
[5] http://www.flutterby.com/archives/comments/11692.html#artid_40323