There should not be any additional action needed on your end beyond configuring the X509IdentityProvider when building your OpcUaClientConfig.
When I try to reproduce this with the UaCPP Demo server with trace logging enabled I get some kind of problem with the certificates but I don't know exactly what it's complaining about.
I did notice there is a bug in the X509IdentityProvider when connecting *without* security but that doesn't apply to you (or this test I've set up).
13:54:18.469Z|4|28AC* ==> UaServer::ActivateSession [Request=1]
13:54:18.469Z|4|28AC* CALL OpcUa_Endpoint_GetMessageSecureChannelId
13:54:18.484Z|4|28AC* DONE OpcUa_Endpoint_GetMessageSecureChannelId [Result=0x0]
13:54:18.484Z|4|28AC* CALL OpcUa_Endpoint_GetMessageSecureChannelSecurityPolicy
13:54:18.484Z|4|28AC* [uastack] OpcUa_SecureListener_ChannelManager_GetChannelBySecureChannelID: Searched SecureChannel 03B1FCF0 with id 1886548749 refs 3!
13:54:18.484Z|4|28AC* [uastack] OpcUa_SecureListener_ChannelManager_ReleaseChannel: Searched SecureChannel 03B1FCF0 with id 1886548749 refs 2!
13:54:18.484Z|4|28AC* DONE OpcUa_Endpoint_GetMessageSecureChannelSecurityPolicy [Result=0x0]
13:54:18.484Z|4|28AC* CALL OpcUa_CryptoProvider_Create
13:54:18.484Z|4|28AC* DONE OpcUa_CryptoProvider_Create [Result=0x0]
13:54:18.484Z|6|28AC* --> UaSession::startingServiceProcessing [ID=1885512568]
13:54:18.484Z|6|28AC* <-- UaSession::startingServiceProcessing - activeServiceCount = 1
13:54:18.484Z|6|28AC* ActivateSession passed X509IdentityToken
13:54:18.484Z|4|28AC* CALL OpcUa_CryptoProvider_Create for User
13:54:18.484Z|4|28AC* DONE OpcUa_CryptoProvider_Create for User [Result=0x0]
13:54:18.484Z|4|28AC* CALL cryptoProvider.GetPublicKeyFromCert
13:54:18.484Z|4|28AC* DONE cryptoProvider.GetPublicKeyFromCert [Result=0x0]
13:54:18.484Z|4|28AC* CALL cryptoProvider.GetPublicKeyFromCert
13:54:18.484Z|4|28AC* DONE cryptoProvider.GetPublicKeyFromCert [Result=0x0]
13:54:18.484Z|4|28AC* CALL cryptoProvider.AsymmetricVerify
13:54:18.484Z|4|28AC* DONE cryptoProvider.AsymmetricVerify [Result=0x0]
13:54:18.484Z|4|28AC* CALL cryptoProvider.GetPublicKeyFromCert
13:54:18.484Z|4|28AC* DONE cryptoProvider.GetPublicKeyFromCert [Result=0x0]
13:54:18.484Z|4|28AC* CALL cryptoProvider.GetPublicKeyFromCert
13:54:18.484Z|4|28AC* DONE cryptoProvider.GetPublicKeyFromCert [Result=0x0]
13:54:18.484Z|4|28AC* CALL cryptoProvider.AsymmetricVerify
13:54:18.484Z|4|28AC* DONE cryptoProvider.AsymmetricVerify [Result=0x0]
13:54:18.484Z|4|28AC* CALL cryptoProvider.GenerateKey
13:54:18.484Z|4|28AC* DONE cryptoProvider.GenerateKey [Result=0x0]
13:54:18.484Z|4|28AC* [uastack] OpcUa_SecureListener_ChannelManager_GetChannelBySecureChannelID: Searched SecureChannel 03B1FCF0 with id 1886548749 refs 3!
13:54:18.484Z|4|28AC* [uastack] OpcUa_SecureListener_ChannelManager_ReleaseChannel: Searched SecureChannel 03B1FCF0 with id 1886548749 refs 2!
13:54:18.484Z|6|28AC* --> SessionManager::activateSession
13:54:18.484Z|6|28AC* --> UaSession::setSecureChannelMutex [ID=1885512568]
13:54:18.484Z|6|28AC* <-- UaSession::setSecureChannelMutex
13:54:18.484Z|7|28AC* Client information:
13:54:18.484Z|7|28AC* Client ApplicationUri = urn:eclipse:milo:examples:client
13:54:18.484Z|7|28AC* Session name = UaSession:eclipse milo opc-ua client:1592229258431
13:54:18.484Z|7|28AC* Network address = [::ffff:172.16.127.1]:62639
13:54:18.484Z|7|28AC* EndpointUrl = opc.tcp://DESKTOP-4KN5LL4:48010
13:54:18.484Z|7|28AC* MessageSecurityMode = Sign
13:54:18.484Z|4|28AC* CALL ServerConfig::logonSessionUser
13:54:18.484Z|4|28AC* [uastack] OpcUa_P_OpenSSL_CertificateStore_PopulateStore: Could not add certificate C:\ProgramData\UnifiedAutomation\UaCPPServer\pkiuser\issuers\certs/ca.der to store!
13:54:18.484Z|4|28AC* DONE ServerConfig::logonSessionUser [ret=0x80210000]
13:54:18.484Z|7|28AC* SessionManager::disconnectSessionFromSecureChannel - disconnected session 1885512568
13:54:18.484Z|6|28AC* <-- SessionManager::activateSession [ret=0x80210000]
13:54:18.484Z|3|28AC* Session/ActivateSession - SessionId: {a3a27ec5-f2a0-4c56-8e4d-681db67ab7e5}
13:54:18.484Z|3|28AC* Session/ActivateSession - ClientUserId:
13:54:18.484Z|3|28AC* Session/ActivateSession - UserTokenCertificate: Certificate Data: 308203253082020DA00302010202045EE77C1C300D06092A864886F70D01010B050030123110300E06035504030C0755736572204341301E170D3230303631353133343831325A170D3231303631353133343831325A30173115301306035504030C0C4B6576696E20486572726F6E30820122300D06092A864886F70D01010105000382010F003082010A0282010100E1D381FB2F28C17247081C4AEA7979DF0174798813A3FEF90851353274C652B8434652ADEA63D19ABADCD98E1F3FF8DA78AB532FC5134CCA58CF6C2BD68767821C0A3F0D6279C67E7CF051E9766716C27CCF225EC1B2D5ED71D881E6F50EF401D2A4B8159876337A820FFE8E7573C905513EF60A3C850A27C8C49FC4B372F0480EC8EC433FCD2FB90C12061D40F24364E3DE2E3513F6AC0B78E8AC08C8463C0F139BC1DE5844D8F5B80CEDA9F74F14FA7A0A518999738CF6952D3C3BF4D19DBDF0456BB0399BECBD4B812FE7A34F7CD78AA3ED0D0D240BC4CBD881337BC36378375E45FFEF675B24AC60CEBBF94718064306D96BE1F547B3E3B08D0B13A197350203010001A37E307C303D0603551D230436303480145BBCC422A09CBDAC8F5E5A8EFE7B92780544FE23A116A41430123110300E06035504030C075573657220434182045EE77B9D301D0603551D0E04160414E1E691218AFFCAB3EBDDAA2AB88076DCA46192B2300B0603551D0F0404030202FC300F0603551D25040830060604551D2500300D06092A864886F70D01010B0500038201010043B458B152697E2E7D9BEEB8A68963DCAD5061EDA84718B16CDC09AC67A515DA53265C75100A1CB13E1E2B098E49487120E0E4D322EDF20FDD221BB2B013033C530E6E6AA270DBC19062E17CBB3679A8A0426C9C563979CC72D74B835293F9047DA8FD47F45515E8F369FCD8DBC0ED1FD44A2219488C831CEAB741C4ED82D49B8E913131E5F02322CD293577869D8E10CD85C65E50BB421FF05170C4E1BEC59E353E92F3746AD0E0A1A1693D851BE0FB3AB3BFAD0D01AA31DF18B9B52930A603FDA8BEBAD330D58B1E036C9853A2EBC9F541D908E3281B82BC08E1F1B75A1EEBDA576F38B0CEBF22381D6A55204C22C25BF7EB1CCE91DE8BD1E47519AAA56FA5
13:54:18.484Z|6|28AC* --> UaSession::lockSendResponse [ID=1885512568]
13:54:18.484Z|6|28AC* <-- UaSession::lockSendResponse
13:54:18.484Z|6|28AC* --> UaSession::unlockSendResponse [ID=1885512568]
13:54:18.484Z|6|28AC* <-- UaSession::unlockSendResponse