I am sorry, I do not understand what you mean by 'client certificate'. When obtaining an unauthorized request token, the only data that you need from Constant Contact is your API Key and Consumer Secret. The rest of the parameters that need to be included can be created through many OAuth Libraries and are not given by Constant Contact. The full list of parameters for this request can be found here, and they are:
oauth_callback - URL to which our service should redirect the user after authorizing the request token. Specify "oob" if there is no callback URL (i.e., desktop application)
oauth_consumer_key - Your API Key
oauth_nonce - A random string (see tools.ietf.org/html/rfc5849#page-17 for more details)
oauth_signature_method - We only support "HMAC-SHA1"
oauth_timestamp - Timestamp of the request, expressed in the number of seconds since January 1, 1970 00:00:00 GMT
oauth_version - Should be set to 1.0 (This is the value that should be sent per OAuth 1.0a spec)
oauth_signature - A string value that is a signature of your request signed using your application's consumer secret (for more information see tools.ietf.org/html/rfc5849#page-18)
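The request-token parameters listed above, assembled and signed with HMAC-SHA1 as RFC 5849 describes. This is an added example, not part of the original reply and not Constant Contact code; the function names are illustrative, and the endpoint URL and credentials used with it are constructed placeholders.

```python
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import quote


def pct(value):
    # RFC 5849 section 3.6: only unreserved characters stay unencoded.
    return quote(str(value), safe="-._~")


def signature_base_string(method, url, params):
    # Encode each name/value, sort, join, then encode the joined string again.
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])


def sign_hmac_sha1(base_string, consumer_secret, token_secret=""):
    # Key is "<consumer secret>&<token secret>"; the token secret is empty
    # at the request-token step, but the trailing "&" is still required.
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base_string.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def request_token_params(api_key, consumer_secret, url,
                         callback="oob", nonce=None, timestamp=None):
    # nonce/timestamp are overridable only so the result can be reproduced.
    params = {
        "oauth_callback": callback,
        "oauth_consumer_key": api_key,
        "oauth_nonce": nonce or secrets.token_hex(16),
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(int(time.time()) if timestamp is None else timestamp),
        "oauth_version": "1.0",
    }
    base = signature_base_string("POST", url, params)
    params["oauth_signature"] = sign_hmac_sha1(base, consumer_secret)
    return params


def authorization_header(params):
    # Values are percent-encoded once more when placed in the header.
    return "OAuth " + ", ".join(f'{pct(k)}="{pct(v)}"' for k, v in sorted(params.items()))
```

The consumer secret is used only as HMAC key material and never appears among the transmitted parameters.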