If you browse to https://prod.idrix.eu/secure/, you will get the error "Error: No TLS client certificate presented" if you visit in Orion. This site will accept any TLS client certificate that is presented to it. We'll come back to it shortly.
If you follow the instructions in https://stackoverflow.com/a/52006343, you can add the badssl.com client test certificate to your keychain. Once you do that, try visiting https://client.badssl.com in Safari, and you'll be prompted to pick a certificate to authenticate with:
You should get "in" OK and see this:
If you try this in Orion, it will not work after adding the certificate to the keychain.
Going back to that first site (prod.idrix.eu/secure), if you now try visiting it in Safari, you'll get a prompt to pick a certificate, then you'll see this:
TLS client certificates are a handy way to protect high-security systems where you don't need easy public access. If it's possible to integrate with Keychain on Mac, it should be possible to elegantly handle them a bit like Safari does. You can do similar tests in Firefox and most other major browsers like Chrome etc - this is fairly widely supported.