We are using client-side SSL certificates extensively for API as well as browser-based single-sign-on for 20+ employees on a smattering of Mac/Linux/iPhone/Android devices. Definitely some ramp-up and wonkiness, but it's working well.

Also worth noting that infrastructure components like Cassandra [1] and RabbitMQ [2] leverage PKI as well.

Checkout our Jenkins client-side SSL cert auth plugin: https://github.com/pantheon-systems/certificate-authenticati...

[1] http://www.datastax.com/documentation/cassandra/1.2/index.ht... [2] http://www.rabbitmq.com/ssl.html