It's up to the server to request a client certificate (the client cannot send it if it's not requested).
Your client keystore will only be used if the server makes such a request. Setting a keystore when no client certificate is requested is not a problem: it just won't be used. The side effect is that the client will send a suitable cert whenever it's requested. If you need a bit more control, you'll need a custom KeyManager.
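One way to get that extra control, as an added example that is not part of the original answer: a key manager that wraps the JSSE default and answers a certificate request only for allow-listed hosts. The class name `SelectiveKeyManager`, the `contextFor` helper and the host allow-list are hypothetical.

```java
import java.net.Socket;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Locale;
import java.util.Set;
import javax.net.ssl.*;

/** Hypothetical wrapper: offers the client certificate only to allow-listed hosts. */
public final class SelectiveKeyManager extends X509ExtendedKeyManager {
    private final X509ExtendedKeyManager delegate;
    private final Set<String> allowedHosts; // lower-case host names (assumption of this example)

    SelectiveKeyManager(X509ExtendedKeyManager delegate, Set<String> allowedHosts) {
        this.delegate = delegate;
        this.allowedHosts = allowedHosts;
    }

    /** Builds an SSLContext whose key managers are wrapped; trust settings stay at the JVM default. */
    static SSLContext contextFor(KeyStore ks, char[] password, Set<String> hosts) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);
        KeyManager[] kms = kmf.getKeyManagers();
        for (int i = 0; i < kms.length; i++)
            if (kms[i] instanceof X509ExtendedKeyManager)
                kms[i] = new SelectiveKeyManager((X509ExtendedKeyManager) kms[i], hosts);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kms, null, null);
        return ctx;
    }

    // Called for SSLSocket connections when the server has sent a certificate request.
    @Override public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket s) {
        SSLSession hs = (s instanceof SSLSocket) ? ((SSLSocket) s).getHandshakeSession() : null;
        return allowed(hs == null ? null : hs.getPeerHost()) ? delegate.chooseClientAlias(keyTypes, issuers, s) : null;
    }
    // Same decision for SSLEngine-based clients.
    @Override public String chooseEngineClientAlias(String[] keyTypes, Principal[] issuers, SSLEngine e) {
        return allowed(e == null ? null : e.getPeerHost()) ? delegate.chooseEngineClientAlias(keyTypes, issuers, e) : null;
    }
    // Returning null from the choose* methods above means "send no client certificate".
    private boolean allowed(String host) {
        return host != null && allowedHosts.contains(host.toLowerCase(Locale.ROOT));
    }

    // Everything else is passed straight through to the default key manager.
    @Override public String[] getClientAliases(String t, Principal[] i) { return delegate.getClientAliases(t, i); }
    @Override public String[] getServerAliases(String t, Principal[] i) { return delegate.getServerAliases(t, i); }
    @Override public String chooseServerAlias(String t, Principal[] i, Socket s) { return delegate.chooseServerAlias(t, i, s); }
    @Override public X509Certificate[] getCertificateChain(String alias) { return delegate.getCertificateChain(alias); }
    @Override public PrivateKey getPrivateKey(String alias) { return delegate.getPrivateKey(alias); }
}
```

The host compared here is the name the client connected with, so a connection opened by IP address will not match a host-name entry.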