When you want to export your certificate from server to browser, you need to combine public key and private key together to a pfx(p12) file. You will be ask to choose a password to protect the pfx(p12) file. When you import it to the browser, you will be asked to enter the password again:
$ openssl pkcs12 -export -inkey userkey.pem -in usercert.pem -out xxxx.pfx(p12)
You will now be prompted to enter the passphrase protecting the certificate you chose
Enter Import Password: *****
MAC verified OK