WebApp Sec mailing list archives

Evading Client-Certificate Authentication


From: "Kevin Vanhaelen" <blowfish448 () hotmail com>
Date: Wed, 31 Mar 2004 22:43:56 +0200

Hi to all,

whilst in the middle of a Penetration Test I stumbled on a web server only serving SSL and demanding that the client present a certificate to identify himself.
I tried to nikto it with sslproxy and browse the site through paros, both with a temporary Verisign personal certificate.
No such luck, the server keeps bouncing me off. Even vulnerability scanners like Nessus and Retina don't get past the port-scan portion.

Does anyone have an idea to further assess this server? Am I looking at a mission impossible here maybe?

Thanks,

~kevin
