Client can access path with "SSLVerifyClient require" without authentication in global settings for vurtual host have "SSLVerifyClient optional".
vulners.com/securityvulns/securityvulns:doc:9652