You can configure client authentication to be required or allowed. Verify the setting client authentication settings by using DSCC or by using the dsconf get-server-prop ssl-client-auth-mode command.
User's of migrated 5.2 instances of Directory Server can verify the client authentication settings by checking the nsSSLClientAuth property in the dse.ldif file.
Go to the Directory Servers tab in the DSCC, and select the server from the table.
Click the Security tab and then the General tab.
In the Client Authentication section, go to LDAP Settings.
If you want only the SSL server to require the certificate, select Allow Certificate Based Client Authentication.
If you want both the SSL server and the SSL client to require a certificate, select Require Certificate Based Client Authentication.