I have not tried both, so I did not experience this problem. I do know SSL client certs do not work well, and wanted to work on building my own solution that does what StartSSL (an OpenID endpoint with SSL-cert based authentication). Does anyone know of ways to do this?
Nginx supports client certs[1], so I'd say the easiest way to get started is to get some free OpenID server (SimpleID[2] seems maintaned) and configure nginx to require cert authentication to access the login path.
I'd do it myself, if I used OpenID more than once every two months or so.
