Client side tls certificates are the worst of all the options. They only make sense fully managed or for server to server communication.