10

I want to be able to install a client certificate (via email, for example) and then use that certificate to authenticate requests sent by my app. I have the feeling that Apple won't allow that kind of access, but can't find any definite answer. Is that true, or is there a way to access client certificates installed on the device from within an app?

Edit: To clarify, this is a native app, not a webapp.

jscs
kevboh

2 Answers

3

Your app can use only what you store in its own keychain (or the keychains of other third-party apps that share the same provisioning certificate). As for the actual loading, we use OpenSSL (we wrote an Obj-C wrapper around it) to decode the .p12 that we send to the app.

The certificates loaded in Settings -> General -> Profiles are protected in some way; only built-in apps (Mail, Safari) can add stuff there.

Frank
Will an app that uses SafariServices be able to use a client cert, stored in Apple access group, for authentication? – Björn Jan 09 '17 at 11:11

0

To use client certificates in your app, you have to implement importing the certificate into your app's keychain from within your app. (Note: you need to use the PKCS#12 certificate format, but you need to register it in your app (search for exported UTIs and Document types) with a different extension, other than ".p12", which is already registered by iOS. I've used .x-p12 in my app.) See here: iOS Client Certificates and Mobile Device Management and here: https://developer.apple.com/library/ios/qa/qa1745/_index.html

Community
Balki
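
The import-then-authenticate flow both answers describe, written against Apple's Security framework instead of the OpenSSL wrapper the first answer mentions. This is an added example, not code from either answer; the keychain label, `ImportError`, and `ClientCertDelegate` are assumed names.

```swift
import Foundation
import Security

// Assumed keychain label for the stored identity (not from the original answers).
let identityLabel = "com.example.client-identity"
enum ImportError: Error { case decodeFailed(OSStatus), noIdentity, keychain(OSStatus) }

// Decode a PKCS#12 blob (e.g. a file opened through the app's own document type)
// and store the identity in this app's keychain, bound to this device.
func importIdentity(p12 data: Data, passphrase: String) throws {
    let options = [kSecImportExportPassphrase as String: passphrase] as CFDictionary
    var items: CFArray?
    let status = SecPKCS12Import(data as CFData, options, &items)
    guard status == errSecSuccess else { throw ImportError.decodeFailed(status) }
    guard let first = (items as? [[String: Any]])?.first,
          let ref = first[kSecImportItemIdentity as String] else { throw ImportError.noIdentity }
    let add: [String: Any] = [
        kSecValueRef as String: ref as! SecIdentity,
        kSecAttrLabel as String: identityLabel,
        kSecAttrAccessible as String: kSecAttrAccessibleWhenUnlockedThisDeviceOnly
    ]
    let addStatus = SecItemAdd(add as CFDictionary, nil)
    guard addStatus == errSecSuccess || addStatus == errSecDuplicateItem else {
        throw ImportError.keychain(addStatus)
    }
}

// Fetch the stored identity (certificate plus private key) from the app keychain.
func loadIdentity() -> SecIdentity? {
    let query: [String: Any] = [
        kSecClass as String: kSecClassIdentity,
        kSecAttrLabel as String: identityLabel,
        kSecReturnRef as String: true
    ]
    var result: CFTypeRef?
    guard SecItemCopyMatching(query as CFDictionary, &result) == errSecSuccess,
          let ref = result else { return nil }
    return (ref as! SecIdentity)
}

// Answer only TLS client-certificate challenges; everything else gets default handling.
final class ClientCertDelegate: NSObject, URLSessionDelegate {
    func urlSession(_ session: URLSession, didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
        guard challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodClientCertificate,
              let identity = loadIdentity() else { return completionHandler(.performDefaultHandling, nil) }
        completionHandler(.useCredential,
                          URLCredential(identity: identity, certificates: nil, persistence: .forSession))
    }
}
```

The passphrase should come from the user at import time rather than being shipped inside the app, and the `.p12` file should be deleted from the app's Documents/Inbox directory once the identity is in the keychain.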