If at all possible, this should not replace the current manner in which client certificates, keys, and CA certificates are presented to the RHC tool.
The user should have an option to either:
1.) Supply the PKCS12 cert and CA cert
2.) Supply the client cert, key, and CA cert as is currently supported