Reading the OpenSSL FAQ I learned that you can issue the following command to get a list of the acceptable client certificate CA names from a server:

openssl s_client -connect test.jj5.net:443 -prexit

Obviously you replace ‘test.jj5.net’ with whatever server you’re interested in.