CodePudding user response:
The line from ACM to the client in the diagram is just ACM issuing the client certificate. It wouldn't make much sense (from a security perspective) for the client to go somewhere else than the server to get the server certificate.
SSL/TLS certificate validation happens during the SSL handshake when the TCP connection between the client and server is initially established.