Usually, when we are talking about TLS certificates we are referring to the mechanism by which clients authenticate servers. The reverse, servers authenticating clients, is also supported by both TLS and k6.
To use client certificates you specify global configuration options that tell k6 how to map a public certificate and private key to the domains they are valid for. You can load the certificate and key from local files or embed them as strings in the script.
To load a certificate and a key from local files you use the builtin open(...) function:
To load certificate and key from embedded strings (note the use of template literals for multi-line strings):
The partial certificate and key data in the above example were generated for this particular example, they're not real or in-use anywhere.