Using local Apache server to serve helloworld.php. Made the following changes to the file:

$username = ... changed this to the visa username used to sign into the developers page

$password = ... the password used for above

$cert = the path to cert.pem generated by Visa developer for this project

$key = the path to the private key also generated by the Visa developer

Result is a 401 error.

Note that the approach used in helloworld.php seems to violate basic cryptography security rules. 

My understanding is that two way SSL requires 4 keys. Party A (Alice) would have a public and private key. Party B (Bob) would also have a public and private key. When Alice sends a message to Bob, she uses Bob's public key for encryption. Bob would decipher the message with

his private key. To return a message, Bob would use Alice's public key. Alice would decipher the message using her private key. The two public keys are made public. The two private keys are kept secret. 

In this helloworld example, it appears that I am supplying a private key, which is a no-no. Perhaps this is just for test purposes and not how a production request is made.