If you hadn't mentioned client certificates specifically, I'd suggest perhaps a rdr-to an internal nginx reverse proxy that does client SSL certificate verification.
__________________
Linux/Network-Security Engineer by Profession. OpenBSD user by choice.