Client certificates are a bit sick due to overhead associated with use.
According to Yura, you will need a target server that uses client certificates as an authentication mechanism. This server side side should not be based on CF. For example, a web server (IIS, for example) will be configured this way. This is part of the SSL / TLS protocol and is not related to any language at the application level.
You would use this if the server you are requesting for the resource requires client certificates. The administrator of this server will need to provide you with a client certificate and private key in advance. As already mentioned by user 349433, this is usually a PKCS12 file (.p12 or .pfx).
The server will verify that the client certificate is "trusted", and if so, this will continue to allow TLS / SSL handshaking, and CF will be able to write an HTTP request on top of it.
Today, the precedent is to prevent man-in-the-middle attacks, but because of the overhead associated with the distribution of certificates, revocations, etc., this is not very common.
If you want to know more about this, check out the TLS 1.1 specification:
http://tools.ietf.org/html/rfc4346 http://tools.ietf.org/html/rfc4346#section-7.4.6