So I got accepted into the MintChip Challenge, but unfortunately I don’t have a supported mobile device (Android, iPhone or Windows Phone), so I’ll have to use the Hosted API. I’m planning to use JavaScript/PHP for interacting with the API. The only problem is that when I try to request data, I get a 403 error meaning the API understood my request but chose to reject it.
I do know that all requests require SSL and signing with your provided certificate. I also know my certificates are valid and imported to my browser correctly, because I can get into the Hosted API and see requests directly, by hitting any of the URLs, i.e.:
https://remote.mintchipchallenge.com/mintchip/info/json
So the big question is, can Apache Web Server itself be signed for all requests the same way my browser can be, to enable server-server signed requests? Short of that, does PHP have any library or utilities for importing an X.509 certificate and signing your request with it?
I’d usually use JSONP to do a client-server request to a JSON API, which would get around this need, but understandably JSONP was seen as a security risk and thus not supported by MintChip. I also can’t think of any other API that requires this level of security for every request, usually just Basic Auth or WS-Security or something. Is this overkill, and does it even make things more secure? General info questions are not usually looked at favorably, as I already have a warning on this question before even posting, but maybe some security professionals have more info on how to sign Apache Web Server, force SSL for all requests from a particular directory, protect keys while storing them on the server, use X.509 via PHP, etc.? Thanks for your help.
(UPDATED: 2012-05-04, change title to reflect the fact that you sign requests with your private key, and they would of course be decrypted with your public key)
No. The Apache server does not generate API requests to MintChip itself, so there is no way to make it start signing requests that it doesn’t know about.
It is, in all likelihood, not appropriate to be creating requests to the MintChip API directly through a client web browser. There is no good way you could guarantee that the client has certificates in place anyway.
If you are making API requests through PHP using the curl extension, you can use the CURLOPT_SSLCERT option when making a request to specify a client certificate to use. Ideally, you should have all your code which performs an API request in a single location (e.g., a mintchip_api function), so there should be no need to make this apply to “all requests originating from a directory”.
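An added example of that single-location approach (written for this page, not code from the question, the answer or MintChip): a PHP function that presents the client certificate with CURLOPT_SSLCERT, verifies the server as well, and turns the 403 from the question into an explicit error. It assumes the challenge certificate has been exported to separate PEM certificate and key files; the paths, passphrase and CA bundle location are placeholders.

```php
<?php
// Assumed paths (placeholders): PEM cert and key exported from the challenge
// certificate, stored outside the web root and readable only by the PHP user.
const MINTCHIP_BASE = 'https://remote.mintchipchallenge.com/mintchip/';
const CLIENT_CERT   = '/etc/mintchip/client-cert.pem';
const CLIENT_KEY    = '/etc/mintchip/client-key.pem';       // chmod 0400
const CA_BUNDLE     = '/etc/ssl/certs/ca-certificates.crt'; // system CA bundle, path varies
// Single place where every Hosted API request is made; returns the decoded JSON body.
function mintchip_api(string $path, ?string $keyPassphrase = null): array
{
    $opts = [
        CURLOPT_RETURNTRANSFER => true,
        // Present our certificate and key: this is what replaces the browser-imported cert.
        CURLOPT_SSLCERT        => CLIENT_CERT,
        CURLOPT_SSLCERTTYPE    => 'PEM',
        CURLOPT_SSLKEY         => CLIENT_KEY,
        CURLOPT_SSLKEYTYPE     => 'PEM',
        // Also verify the server; client auth alone does not stop a spoofed endpoint.
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_CAINFO         => CA_BUNDLE,
        CURLOPT_TIMEOUT        => 15,
    ];
    if ($keyPassphrase !== null) {
        $opts[CURLOPT_SSLKEYPASSWD] = $keyPassphrase;
    }
    $ch = curl_init(MINTCHIP_BASE . ltrim($path, '/'));
    curl_setopt_array($ch, $opts);
    $body   = curl_exec($ch);
    $errno  = curl_errno($ch);
    $error  = curl_error($ch);
    $status = (int) curl_getinfo($ch, CURLINFO_HTTP_CODE);
    curl_close($ch);
    if ($errno !== 0) {    // covers TLS handshake failures, e.g. an unreadable key file
        throw new RuntimeException("curl error $errno: $error");
    }
    if ($status === 403) { // the symptom in the question: understood but refused
        throw new RuntimeException('403 from API: client certificate not presented or not accepted');
    }
    if ($status < 200 || $status >= 300) {
        throw new RuntimeException("unexpected HTTP status $status");
    }
    $data = json_decode($body, true);
    if (!is_array($data)) {
        throw new RuntimeException('response was not valid JSON');
    }
    return $data;
}
// Usage: the same URL the question tested in the browser.
print_r(mintchip_api('info/json'));
```

Because the key sits on the server, keep it out of the document root and owned by the PHP process user only, so a misconfigured Apache directory cannot serve it as a static file.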