That is for server side certs not client side. I’m talking about Mutual TLS.

Setting up https is not going to stop bots. All it does is prevent man in the middle attacks. You want to limit who and what can access Jellyfin so that you don’t end up being a victim of an automated exploit.