All qpid tools support client-side authentication. This is provided by two options to each command: --ssl-certificate and --ssl-keyfile. The --ssl-certificate option specifies the client side certificate file (in PEM format). If the certificate file does NOT contain the encrypted private key, then the --ssl-keyfile must be specified. It provides for a separate file containing the encrypted private key (in PEM format).
qpid-tool does not support the separate keyfile option.