The use case I had when I implemented client SSL authentication was to secure a web interface for a centralised log service that I was running. I wanted it to have it available, securely, on the public internet. I implemented it using nginx's ssl module.
I only had this available for 4-5 developers. I think I'd only attempt to use this for anyone who is comfortable with SSH keys or if it was an API client. I think the technical bar is a little too high for anything else.
I wrote some scripts, which I've pushed to a public GitHub repository: olly/heracles. The README is a mix of actual commands that work, and thoughts for how things could be configured. The idea was for it to generate CAs, server certificates and client certificates, and store them in a git repository for easy backup. There in a fairly rough state, but what's there works and I had tested on a real setup.