Capture Client Cert presented for Auth

We have a client that is attempting to connect to wM 7.1 via https/cert based auth. I have the certificate loaded and mapped to a user, but every time they try to connect they are coming in as the “Default” user. I am sure that they are either not presenting a cert or presenting a different cert then what I have loaded. My question is, is there a way for me to capture the certificate details of the cert that the client is presenting when attempting an https connection to my IS server?

for getting client cert, you can do on network level, use either wireshark or MS network monitor.

For the default user,
check what acl your “default” user has, and check the acl of the service the client is reaching. if the default user already have the privilege to access that service, it won’t try to authenticate the client, just use default user directly.

Thanks, but capturing at the network level is not an option for me, I don’t have the access to do and those with the access…well that is a long story. Having the client access the system as the Default user is not an option either, they need to authenticate. I was hoping to find a service I could call/create that would log the details of the cert (or what is happening) at the point that the client is attempting to authenticate, similar to the way TN captures the process for rule matching.