Option clientCertificateKeyStoreUrl with empty value (i.e. "") must throw an Exception.
If set, option clientCertificateKeyStoreUrl must be a valid keystore url value.
At the same time, options concerning keystore and truststore like "trustCertificateKeyStoreUrl" are very confusing. It would be better to use java-ish named, and keep current names as alias for compatibility with existing version and mysql. (option "trustCertificateKeyStoreUrl" may be "trustStoreUrl" or "trustStore")