Certificate based 'Login'

I have a webmail client that is accessible to the entire internet (lets say /public/) I want to place a login system in /public/ that only allows users with a certain digital certificate (generated by myself/the coder and distributed to all computers required) -- the cert would be the standard ".der" X509 certificate -- or any equal alternative -- MUST BE OS X COMPATIBLE! If the user has the correct certificate, he enters a simple .htaccess password and is then forwarded to /public/[login to view URL] There must be no way around this access! I can easily relocate [login to view URL] to a sub directory if required. Any computer WITHOUT the certificate is simply given an access denied message and thats all. It must be easy to change the certificate of the page (we wish to change the certificate on all the computers monthly, or if a computer is stolen) ## Deliverables 1) Complete and fully-functional working program(s) in executable form as well as complete source code of all work done. 2) Deliverables must be in ready-to-run condition, as follows? (depending on the nature? of the deliverables): a)? For web sites or? other server-side deliverables intended to only ever exist in one place in the Buyer's environment--Deliverables must be installed by the Seller in ready-to-run condition in the Buyer's environment. b) For all others including desktop software or software the buyer intends to distribute: A software? installation package that will install the software in ready-to-run condition on the platform(s) specified in this bid request. 3) All deliverables will be considered "work made for hire" under U.S. Copyright law. Buyer will receive exclusive and complete copyrights to all work purchased. (No GPL, GNU, 3rd party components, etc. unless all copyright ramifications are explained AND AGREED TO by the buyer on the site per the coder's Seller Legal Agreement). ## Platform Apache web host (OS X / FreeBSD) OS X Clients Safari / Firefox Web Browser Ruby on Rails installed on webhost