I'm trying to send email using cfmail() and our local smtp server prefers the use of X509 certifcates for authentication and TLS rather than the more usual username/password mechanism. Is this possible is CF11?
I see stuff about keystore, keyalias, etc but that seems more for digitally signing the email. And stuff about recipientcert and encrypt seems more about encrypting the actual body of the email being sent using the recipient's public key./certificate.
I've never done anything with TLS client authentication with SMTP in CF or elsewhere. I would try adding the client certificates to the Java keystore and see if that works, even though it's kind of grouped with mail signing in the CF Administrator. I don't think you should even have to enter the keystore and keystore password if you're using the default Java keystore, but you'll probably have to enter the alias to get the right client certificate.
If none of that works, you could use the time-honored workaround of setting up your own SMTP server locally, and use CF to talk to that instead.