We are over with AD-CA(Microsoft) setup & Zimbra handshake with CA. As it is working perfectly & zimbra client running on https now with valid certificate from CA.

But i want to ensure that if the User have its Certificate
with him them only he will able to access his Zimbra Mail Account using mail client otherwise not.

i searched it but all solutions lead some xml change in JETTY.XML, and that changes are vanished as soon as i over with them and restart ZIMBRA MAIL SERVER.