By the way, client certificate verification is how you allow authentication to a website by smart card. The user's certificates are only unlocked on their machine when their smart card is plugged in, allowing the browser access to them to pass to the server over SSL/TLS. Then the web server can extract cryptographically verified user identity information from the certificate and authenticate the user.
It's not common, but it's important when it comes up.