Forum Discussion
It is not clear from your question whether you refer to the client certificate or the certificate presented by the virtual server on the LTM/APM.
If it is the client certificate, then the user has to select which one she wants to present. If there are multiple but only 1 meets the criterion based on the "Advertised CAs" on the connection the the user will not be presented with an option to choose the client certificate.
If you are indeed referring to the server certificate presented by the virtual server, then one suggestion is to have a generic clientssl profile on the virtual server which is not doing any client certificate authentication. Later on in the APM policy add a policy element to do an "OnDemand Certificate Authentication" with the clientssl profile set to the appropriate profile which advertises the CA which you want.
Best.