This work was started during my diploma thesis which might be helpful for german readers to understand the architecture and goals of pyCA.
If you’re eager using LDAP as certificate repository you might also consider using web2ldap for accessing your LDAP data via WWW.
What to do with client certificates? Here are some examples:
You can use client certs for strong user authentication with SSL capable web servers, e.g. ApacheSSL or Apache with mod_ssl.
You can use client certs for strong user authentication with some SSL tunnels, e.g. stunnel.
Or how about some client-cert based mail-relaying rules for the postfix-MTA patched with Postfix/TLS? Quite helpful for your mobile users!