Set up your HTTP client to use one of four types of authentication.
Intermediary refers to the relay server or an apache reverse proxy. The requests are sent on mutual SSL connection from client to intermediary and then intermediary to SUP. From client to intermediary, client certificate is used on transport level. From intermediary to SUP, the impersonator certificate is used on transport level. The client certificate is forwarded as SSL_CLIENT_CERT HTTP request header.
A request targeting a resource that requires authentication fails with error code 401 unless X.509 mutual authentication is used to establish a valid authenticated request context (The certificate validation login module must exist in the security configuration used to authenticate the request and the certificate validation must be successful and sufficient. If that is not the case, regular username/password or token authentication is attempted and the request is authenticated equal to a non X.509 authenticated connection). After three subsequent failed authentication attempts using the same X-SUP-SESSID, the fourth attempt fails with a 403 error code.