To explain the problem:
There are two WS (Web Service) clients, A & B, running on different servers. The two WS clients A & B are presenting different client certificates, but both are signed by the same CA root; the WS server is accepting the certificates because it trusts the CA root.
But now the requirement is to restrict the web service request call only to clients from a specific server. For example, only WS client-A has access privileges on the Web Service server, not WS client-B, though they both have certificates from the trusted CA root.

The solution required should extract some useful information, like the server name/DN, from the trusted SSL certificate of every WS client and map it to roles that may be defined in WAS. Depending upon the role mapped, the server should accept/reject the certificates. The solution required is supposed to be on the WAS administration side only, without deploying any custom Java application.

Please suggest.
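
The accept/reject decision described in the question, sketched as an added example that is not part of the original post and is not WebSphere configuration or API: trust in the CA root only authenticates the client, and a separate exact match on the normalized subject DN decides the role. All DNs, the role name `WSInvoker` and the function names are constructed assumptions, and the issuer string comparison stands in for the chain validation the TLS layer already performs.

```python
# Constructed sample data: every DN and the role name are hypothetical.
TRUSTED_ISSUER = "cn=example root ca,o=example corp,c=us"
ROLE_BY_DN = {
    "cn=ws-client-a.example.com,ou=integration,o=example corp,c=us": "WSInvoker",
}

def normalize_dn(dn):
    """Canonicalize an RFC 4514 style DN string for exact comparison.

    Simplified: splits only on commas that are not backslash-escaped,
    trims spaces around each RDN and lower-cases types and values.
    """
    rdns, cur, escaped = [], "", False
    for ch in dn:
        if escaped:
            cur, escaped = cur + ch, False
        elif ch == "\\":
            cur, escaped = cur + ch, True
        elif ch == ",":
            rdns.append(cur)
            cur = ""
        else:
            cur += ch
    rdns.append(cur)
    parts = []
    for rdn in rdns:
        attr, _, value = rdn.partition("=")
        parts.append(attr.strip().lower() + "=" + value.strip().lower())
    return ",".join(parts)

def authorize(subject_dn, issuer_dn):
    """Return the role mapped to the subject DN, or None to reject."""
    if normalize_dn(issuer_dn) != TRUSTED_ISSUER:
        return None  # not issued under the trusted root
    # Whole-DN equality: a substring or CN-prefix test would also accept
    # other subjects under the same CA whose names merely contain it.
    return ROLE_BY_DN.get(normalize_dn(subject_dn))

ISSUER = "CN=Example Root CA, O=Example Corp, C=US"
CLIENT_A = "CN=ws-client-a.example.com, OU=Integration, O=Example Corp, C=US"
CLIENT_B = "CN=ws-client-b.example.com, OU=Integration, O=Example Corp, C=US"
LONGER_CN = "CN=ws-client-a.example.com.test, OU=Integration, O=Example Corp, C=US"

if __name__ == "__main__":
    for dn in (CLIENT_A, CLIENT_B, LONGER_CN):
        print(dn, "->", authorize(dn, ISSUER) or "REJECT")
```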