I have been asked the following question during an audit, which I personally don't understand.
"When using Mutually authenticated TLS is authorisation based on the certificate name(and not just on the root CA)?" Can anyone clarify what exactly this means and whether Tomcat supports this? Cheers