Connector/NEt currenly only accepts PFX files (we are planning to extend to more formats like PEM in the future).

From http://dev.mysql.com/doc/refman/5.0/en/connector-net-tutorials-ssl.html:

With PFX files, you can use a connection string like this:
using (MySqlConnection connection = new MySqlConnection(
"database=test;user=sslclient;" +
"CertificateFile=H:\\bzr\\mysql-trunk\\mysql-test\\std_data\\client.pfx" +
"CertificatePassword=pass;" +
"SSL Mode=Required "))
{
connection.Open();
}

(The tutorial also explain how to use openssl command line to embed a certificate and key from PEM into a PFX file.

Connection strings options:
http://dev.mysql.com/doc/refman/5.0/en/connector-net-connection-options.html

PS. Just to clarify, Connector/NET uses CryptoAPI but only thru the standard assembly System.Security.Cryptography (which is in the GAC in any standard .NET distro), so you shouldn't have problems running in medium trust enviroments, otherwise let me know.