As Darran said certificates are only exchanged on establishing/negotiation of SSL connection.
However you can configure your server and application to force re-negotiation of SSL connection with requesting the certificate.
in undertow subsystem on https-listener set verify-client="REQUESTED" not REQUIRED as you probably have now.
next thing is to configure your application.
to your web.xml add something along this lines:
where url-pattern should be part of your application path that requires client certificate.
probably something like /protected/*