Hi, There is a certificate validation based on the mutual CA this is a 1st factor, the 2nd factor could be checking the common name of the client certificate, probably this requires writing a patch, but probably some has already done that ?
Vitali Djatsuk.