Resolution:
BW 5.1.2 HTTPS feature verifies whether the client certificate is signed by a trusted CA but it doesn't check whether the client is authorized to access the server application, which app servers like Weblogic and Biztalk do by checking the client cert against some ACL or  trusted client list.

Currently BW 5.1.2 supports only basic authentication. If the user is defined in the administrator and has the right credentials, it will allow the HTTP request. HTTP Authentication field on the HTTP receiver can be used for this purpose.

However, BW does NOT support ACL authentication based on subject-name in the client cert.