@Ferenc Szabó Since its available in the header, you could just import the certificate as an object and then call VerifyNoRevocation()
on it to validate it.
Then you can use the authentication-certificate policy to set the certificate in the request to the backend.