At work I've setup Client Side Certificate Authentication to protect a sensitive website for HR since the built-in authentication mechanism left more to be desired. I'm going to skip the part about how I've set it up, but the important part is that I used easy-rsa to make the management