I've implemented two projects using SSL Client Certificates in the last few years, and one of them, a B2B kind of thing, has been live for a couple of years with several hundred customers using it day-to-day. Some times it works great, and other times it is an intractable pain, and the browser UI is a pain, and the end user doesn't really understand it at all. These are not high-tech people. They don't put passwords on their keyrings, they forget they're there, they buy new computers and give the old ones away and then their new PC doesn't work and they panic! For a small number of customers (<1%) it never really works on at least one of their PCs and I have no idea why.
I think it is a bit of a chicken and egg problem: no-one uses them because no-one understands them, and no-one understands them because no-one uses them. The certificate management UI is also awful, which doesn't help.
I think it is a bit of a chicken and egg problem: no-one uses them because no-one understands them, and no-one understands them because no-one uses them. The certificate management UI is also awful, which doesn't help.