I'm looking for some direction on setting up client certificate security. I know about setting up server SSL for HTTPS, which is related but not quite what I'm looking for.
A while back (10 years ago), I did some payroll processing using ADP and their web page interface to enter payroll information. When I signed up with them, they sent me a personal certificate I had to install on my computer/web browser, which was part of the login process. If I didn't have that installed, it didn't matter if I had the right username and password at all; it would refuse to let me in. (This is discussed at https://support.adp.com/front/security.htm.)
That security is what I'm trying to set up now at a company I'm working for. I have an Apache web server on Fedora. I'm assuming the steps would be to create individual certificates for each user (only 5 people, not a big deal), then somehow with the PHP code for my login process, test for the presence of their personal certificate on the client end (not just any certificate, but one that was assigned to them, I assume).
Can anyone point me to a resource that talks about this process, or any leads?
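
One way the check described in the question can be done, as an added example that is not part of the original post: Apache's mod_ssl verifies the client certificate against a private CA during the TLS handshake and exports the result to PHP, which then ties that certificate to the account logging in. The CA path, the `$certOwners` map with its serial numbers and user names, and the function name are assumptions made for illustration.

```php
<?php
// Assumed Apache (mod_ssl) settings for the protected virtual host:
//   SSLCACertificateFile /etc/pki/example-ca/ca.crt   (hypothetical path to your private CA)
//   SSLVerifyClient require
//   SSLVerifyDepth 1
//   SSLOptions +StdEnvVars
// With these, the handshake fails unless the browser presents a certificate
// signed by that CA, and mod_ssl exposes SSL_CLIENT_* variables in $_SERVER.

// Constructed sample data: certificate serial (hex, as reported in
// SSL_CLIENT_M_SERIAL) => the single account that certificate was issued to.
$certOwners = [
    '1A01' => 'alice',
    '1A02' => 'bob',
];

/**
 * Return true only if the request carries a CA-verified client certificate
 * that was issued to $username. Use it in addition to the password check.
 */
function clientCertMatchesUser(array $server, array $certOwners, string $username): bool
{
    // mod_ssl sets SSL_CLIENT_VERIFY to SUCCESS only after chain validation.
    if (($server['SSL_CLIENT_VERIFY'] ?? 'NONE') !== 'SUCCESS') {
        return false;
    }
    $serial = strtoupper($server['SSL_CLIENT_M_SERIAL'] ?? '');
    if ($serial === '' || !isset($certOwners[$serial])) {
        return false; // certificate is valid for the CA but not on our list
    }
    // A valid certificate for a different user must not unlock this account.
    return hash_equals($certOwners[$serial], $username);
}

// Constructed requests standing in for $_SERVER during a login attempt.
$own     = ['SSL_CLIENT_VERIFY' => 'SUCCESS', 'SSL_CLIENT_M_SERIAL' => '1A01'];
$someone = ['SSL_CLIENT_VERIFY' => 'SUCCESS', 'SSL_CLIENT_M_SERIAL' => '1A02'];
$missing = ['SSL_CLIENT_VERIFY' => 'NONE'];

var_dump(clientCertMatchesUser($own, $certOwners, 'alice'));
var_dump(clientCertMatchesUser($someone, $certOwners, 'alice'));
var_dump(clientCertMatchesUser($missing, $certOwners, 'alice'));
```

Deleting an entry from the map locks that certificate out at the application level without touching the CA or the other users' certificates.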