Brian May wrote:
There is email, however GPG seems to be the more popular approach.
AIUI FOSS people use GPG; within organizations S/MIME is popular for the obvious reason -- your configuration management instructs everyone's desktop to trust the org CA cert, and you don't have to go around updating keyrings every time you hire (or sack) someone. But in that case, the org will issue you your cert; you needn't buy one.
What would you do with a personal digital certificate? I don't think the idea really caught on.
I've seen client-side certs used in a couple of web apps, and I've used them for WPA2 Enterprise EAP-TLS method (cf. EAP-TTLS). But in general they will do the thing where the server generates the client-side key & cert and you download them both in a zipfile. And there's no way to do it properly. Blech. (Some OpenVPN-in-a-box devices do that, too, come to think of it.)