Many browsers, such as FireFox and Internet Explorer, require private keys and certificates in PKCS12 format for installation. In order to install client and intermediate certificates into these browsers, you will first have to convert them from PEM format to PKCS12 format. (Note: if you created your certificate using IIS as explained in the previous section, then your certificate is already in PKCS12 format; it can be installed directly into a browser without conversion.)
Like PEM format, PKCS12 format supports having all your certificates and your private key in one file. If you created the file clientprivcert.pem (containing the client certificate, the private key, and any intermediate certificates), then converting the file to PKCS12 is simple:
openssl pkcs12 -export -in clientprivcert.pem -out clientprivcert.pfx
The resulting file, clientprivcert.pfx, can now be installed into all client browsers that will be accessing the cluster that requires a client certificate.
Refer to the Microsoft, Mozilla, Google, and Apple for documentation for instructions on installing certificates on IE, Firefox, Chrome and Safari, respectively.