Nova ADC allows mutual SSL, accepting (or requiring) client certificates, validating them, and passing that information on to your backend servers.
In any SSL terminated ADC you may go to the 3rd tab and view the Client SSL options. Here can you specify a CA file (uploaded in Certificate Management on Nova) to use on the Nodes.
Set the mode to optional or required, and submit to apply the changes.
Nova will insert the following headers into the HTTP request to your upstream application with the client SSL details.
X-SSL X-SSL-Client-Verify X-SSL-Client-DN X-SSL-Client-CN X-SSL-Issuer X-SSL-Client-NotBefore X-SSL-Client-NotAfter