Format required for User-Supplied certificate?
When uploading user-supplied certificate, you can upload a PKCS12/PFX file (password is typically associated with this type of file since they contain private key) or a PEM-encoded text file (password not required).
Is there an existing certificate template (for a Microsoft Certificate Authority) we can use to accelerate deployment?
Development doesn't have experience with these templates, but a quick glance online (http://technet.microsoft.com/en-us/library/cc755033.aspx) at the description & key usage information of the templates looks like the "User" template would work. Its description states "used by users for e-mail, EFS, and client authentication" and key usage is "signature and encryption".
What Key Usage / Intended Purpose attribute(s) are required?
Key Usage - Digital Signature
Extended/Enhanced Key Usage - Client Authentication
What Subject Name attribute is required?
No special requirements.
What minimum/maximum key size is possible?
512 minimum, 15360 maximum tested but may accept larger (larger key size slows SSL handshake)
Deploying User certificate:
Keep in mind that when using user-supplied certificates, the appropriate Trusted Root must be added to the cache server.
Add the trusted root into TPAM via Management > Cache Servers > Manage Trusted Roots.
Then assign the Trusted Root to the appropriate cache server(s) via Management > Cache Servers > Manage Cache Servers, select cache server, then Root Certificates tab.