Note that Card Holder Certificate is not yet well supported by the combination of pcsc-lite and GnuPG (bug fixes are needed now).
Note that client certificate is not that common.
Card Holder Certificate (optional/experimental)
Suppose I am at the directory of gnuk-0.12/src.
I did :
$ ../tool/gnuk_put_binary.py ../../tmp/gniibe-crt.bin ../../tmp/gniibe-crt.bin: 1328 Updating card holder certificate Token: FSIJ Gnuk (0.12-38FF6A06) 00 00 ATR: 3B DA 11 FF 81 B1 FE 55 1F 03 00 31 84 73 80 01 40 00 90 00 24
It assumes that admin password is one of factory settings.
You can add -p option for admin password input.
See https://www.privacyfoundation.de/wiki/CryptoStickScute to generate CSR (certificate signing request), and to get certificate.
Convert ascii CRT to binary form, we can use openssl x509 command.
I think that most usages of client certificate is not by certificate authorities. I think that it is OK to sign locally by ourselves with openssl.