Hi. you mean OCUM access to the cluster with a Client Cert and not a user? if so, i don't think it's possible.
Also from sec point. i think that ther's much different if the client cert saved in OCUM getting stolen or a password/api key saved in OCUM getting stolen.
Client cert is mainly useful when you have a token device or a smart card to protect the key. if the cert is unprotected - it's not much different from an unprotected password (well -after a re-think: at least for common attacks. as the private key will also not go over the wire as password do on the authentication. but that goes encrypted channel anyway)
Gidi.