Well since the certificates have all been signed by the same authority you have to find something else unique about them. Usually you would use the Distinguished Name to uniquely identify the certificate.
Now I was looking through the ssl documentation for apache and it seems there are two different implementations appache-ssl and mod-ssl. I don't know which one you are using but for apache-ssl you can set something like:
The file contains a list of names of clients who are allowed to connect. See http://www.apache-ssl.org/docs.html
I'm sure mod-ssl has something similar.