What steps are needed to generate a client certificate and configure mutual authentication in Apache?

Generate a client private key and CSR using OpenSSL, then self-sign the CSR to create a client certificate. Convert it to PKCS12 format (`user.p12`) for installation on the client browser. On the Apache server, edit the SSL config to add `SSLCACertificateFile` with the client certificate path, set `SSLVerifyClient require`, and `SSLVerifyDepth 10`. Restart Apache; clients must install the `.p12` file and will be prompted to select a certificate when accessing the HTTPS site.