Mutual SSL for end user client certificate authentication

Hi all,
We have a requirement that we want to enable Mutual SSL to restrict only client/server with a valid client certificate( trusted CA with specific cert DN/fingerprint) is able to call the microservices being exposed. May I know if Istio is capable for doing that?