From OD-128 Section 18.104.22.168 (Test 2 part 3):
The purpose of this test is to validate that the ACS and CPE can interact over SSL, using server certificate authentication for the ACS and client certificate authentication for the CPE.
During this test case CDRouter’s ACS will request a client certificate from the CPE as part of the SSL handshake protocol. The CPE must provide a certificate to the ACS to pass this test or the SSL handshake will fail resulting in a failed test. The certificate that is returned is not validated against a specific CA.
Note that a client certificate may need to be installed or imported on to the CPE in order to run this test if the CPE does not have a built-in client certificate.
For more information on client certificate authentication with SSL/TLS, please see this Wikipedia article.