Under Menu -> Configuration -> Server Settings -> Certificate Based Authentication, you have "Enable Certificate Based Authentication" and "All remote users must use a certificate to sign in" checked? Usually it requires a reboot to take affect.
Also, the user you are logging in with it set to cert based authentication for authentication type right? Are you going to the ePO site over 8007?
Did you resolve your issue? We are running into the same issue running ePO 4.6.7. We have created a user that is required to use a certificate for authentication, however the user is not prompted for a certificate. And when we do use the option "All remote users must use a certicate to sign in" we still do no get a prompt from IE from a certificate but we do get a red message "No valid certicate detected". Any help is appreciated.