At work I've setup Client Side Certificate Authentication to protect a sensitive
website for HR since the built-in authentication mechanism left more to be
desired.
I'm going to skip the part about how I've set it up, but the important part is
that I used easy-rsa to make the management