Apache use client certificates managed by IDM

Is it possible to setup Apache on an IDM Client system such that it can authenticate clients (SSLVerifyClient require) using certificates stored in the users IDM account?
I've already got GSSAPI handling user login but this is another layer of security we require.
Struggling to find a reference on how to do this.

Not really wanting to have to deploy the server Cert, keys and CRL list etc to lots of individual VM's if this part can be centrally managed via IDM.

Cheers
Richard