...
CertificateAuthenticator does not currently support the storage of the entire certificate, but rather limited attributes such as Subject DN and Issuer DN. Currently, the expectation is that an Authentication system would use these identifier to validate the certificate, though this could change in a future release..
Supported Provisioners
As of Registry v3.2.0, the LDAP Provisioning Plugin will support supports writing certificate information via voPerson (CO-1532).